General Release - Enterprise Hybrid Cloud 3.5 for Business and IT Agility
Table of Contents
Introduction
Company Profile
Solution
Key Components
Enterprise Hybrid Cloud - Solution Overview and Additional Capabilities
Labs
Exercise A.1.3 - Enable the New Storage for Business Use
Lab A.2 - Import a Pre-Existing VM into vRealize Automation (10-15 minutes)
Exercise A.2.1 - Locate the Target VM in VMware vCenter
Lab A.3 - Add a vCloud Air Site to vRealize Automation (15-20 minutes)
Exercise A.3.1 - Connect to the Cloud Experience Center and launch the demo
Lab B.1 - Create a New IaaS Blueprint and Approval Policy (20-30 minutes)
Exercise B.1.1 - Create a New IaaS Blueprint
Exercise B.1.2 - Enable the New Item for the Self-Service Catalog
Exercise B.1.4 - Assign the Approval Policy to the New VM Blueprint
Lab B.3 - Integrated CMDB Management with ServiceNow (10-15 minutes)
Exercise B.3.1 - Connect to the Cloud Experience Center and launch the demo
Exercise B.3.3 - Attach the ServiceNow Build Profile to an Existing IaaS Blueprint
Lab C.2 - Deploy Applications and Services with VMware NSX (35-40 minutes)
Exercise C.2.1 - Deploy a Simple Two-Tier Application
Exercise C.2.5 - Writing and Validating Test Data to Application Database
Exercise C.2.6 - Add New Web Servers to Application and Test NSX Load Balancing
Company Profile
RainPole Systems is a manufacturer of weather metering and monitoring appliances that are used in the agriculture
industry. RainPole's solutions collect weather data across a wide variety of geographies and climates, and then
aggregate the resulting datasets into big-data models. The information produced from these models gives RainPole's
customers an inside edge that helps them make smarter decisions in their farming and harvesting practices.
Company Background
RainPole's software is a primary differentiator for them in their agriculture-focused market, and their customers have
recognized RainPole's unique ability to both collect and rationalize data from many sources, and see the value of
RainPole's software solutions. This has led to a welcome, but somewhat unexpected growth model for RainPole.
As a result of their sudden increase in demand, RainPole products have expanded beyond their small customer base
in the southwestern United States to the international market. This rapid expansion has hit their manufacturing teams,
who struggle to keep up with demand for their products, as well as the R&D teams that are working to add new
software features. The addition of international customers has also added strain to their financial operations, which
has seen an increase in their workload due to the need to keep up with all of the new ordering, distribution, and
commissioning systems.
In order to streamline operations, development, and testing capabilities at RainPole, the IT team is now offering their
internal customers a new service, in which IT collects and aggregates data for them within the RainPole data center.
This has increased the workload on the IT team as they start to act like a service provider for their customers, well
beyond the scope of their original service of providing hardware and software solutions.
Business Challenge
Like many other organizations, RainPole is trying to do the same three things at all levels of their business:
Lower operational costs
Increase revenue
Reduce risk
While RainPole has had significant success with their Enterprise Hybrid Cloud solution, business units are asking for a
broader portfolio of cloud-enabled services, delivered quickly and reliably, and consumable by developers and
business customers alike.
In the past, difficulty in meeting these challenges has given rise to public cloud providers who have built technology
and business specifically tailored to meet organizational business units' need for end-user agility and control, while
also providing clear resource utilization and cost information directly to the business. RainPole is under pressure to
provide the same service levels (agility, reliability, and cost transparency) but within the secure boundaries of their
own data center.
As a result, RainPole's IT department has added new capabilities to its Enterprise Hybrid Cloud environment, which
continues to provide a cost-effective alternative to public cloud, but which do not compromise RainPole's
requirements for enterprise features such as integrated security, data protection, and guaranteed service levels.
Solution
To satisfy the demand for both public-cloud-level functionality and enterprise-class performance and security,
RainPole has upgraded their Enterprise Hybrid Cloud environment to include VMware's vRealize suite of cloud
management tools, delivering an integrated, automated stack of virtualization, storage, management, and data-
protection products and services from EMC and VMware.
The solution that RainPole has deployed empowers their IT organization to accelerate implementation and adoption of
automated cloud services, while still enabling customer choice for compute and networking infrastructure within the
existing RainPole data center. The solution provides opportunities to customers who want to build out dedicated
infrastructure for cloud services, as well as to those who want to add integrated cloud capabilities to their existing
infrastructure.
Solution Benefits
This solution takes advantage of powerful integration points that have been developed by EMC and VMware
engineering and services teams. This includes the use of EMC scalable storage arrays, integrated management and
monitoring tools and data-protection products, to ensure that RainPole's cloud solution delivers traditional IaaS
capabilities that customers are familiar with, as well as introducing application services models to their own
organization with this release.
RainPole's IT department benefits from the rapid, automated resource provisioning and management features offered
by their Enterprise Hybrid Cloud. RainPole's users benefit from being able to spin up new processes and services
simply and quickly, and from having transparent access to resource utilization and cost information.
By simplifying the resource-request process, and by automating resource-provisioning processes through a user-
aware, self-service approach, the IT team is able to deliver services to end users quickly, securely, and effectively.
Together, these components, features, and services combine to produce a secure, high-performance, enterprise-class
service catalog that enables an agile, responsive business. The benefits of the Enterprise Hybrid Cloud solution give
RainPole the ability to deliver products to market more quickly, and to compete more effectively in a global
environment.
Solution Components
VMware vRealize Suite: vRealize Automation, vRealize Operations Manager, vRealize Business Standard,
vRealize Log Insight
VMware NSX for vSphere
EMC ViPR Software-Defined Storage
EMC VNX, Symmetrix VMAX, ScaleIO, VPLEX, Isilon, and XtremIO storage platforms
EMC RecoverPoint (DR only)
EMC Avamar and Data Domain data protection platforms
EMC ViPR Storage Resource Management
EMC Data Protection Advisor
EMC and VMware integration features and cloud-enabled, automated workflows
More information about the solution layout is provided in the Lab Overview section of the lab guide.
Key Components
Enterprise Hybrid Cloud - Solution Overview and Additional Capabilities
The Enterprise Hybrid Cloud is an engineered solution that offers a simplified approach to IT functionality for IT
organizations, developers, end users, and line-of-business owners. In addition to delivering baseline infrastructure as
a service (IaaS), built on the software-defined data center architecture, an Enterprise Hybrid Cloud also delivers
feature-rich capabilities to expand from IaaS to business-enabling IT as a service (ITaaS).
Solution Approach and Features
The Enterprise Hybrid Cloud is built on an Infrastructure-as-a-Service foundation. The Foundation solution leverages
an ecosystem of components and features to deliver IT and customer value:
Software-defined networking
Software-defined storage
Automation and orchestration
Metering
Security
Log management
EMC and VMware integration
Foundation Functionality
The Enterprise Hybrid Cloud is an engineered solution, with automated workflows that have been developed, tested,
validated, and supported by EMC. The solution offers seamless, portal-based integration to private (on-premises) and
public cloud services, offering rapid access to both.
A Foundation-level Enterprise Hybrid Cloud includes the following features as part of a standard deployment:
Physical Resource Elasticity: The Enterprise Hybrid Cloud solution includes custom workflows and
integrations that enable cloud administrators to easily add compute and storage capacity in response to
increased resource demands.
Workload-Optimized Storage: Through the flexibility of EMC ViPR, as well as the cost reporting capabilities of
the solution, administrators and users are motivated to ensure that workloads are matched to the appropriate
storage tier, and to use the Enterprise Hybrid Cloud's native functionality to manage workload placement.
In addition to the base capabilities found in the Foundation implementation, EMC has created a catalog of available
modular add-ons that customers can choose to implement to extend the capabilities of their hybrid cloud solutions.
The available add-ons can be categorized as follows:
Enterprise Applications - Microsoft: Templated and automated provisioning of Microsoft Exchange Server,
SharePoint Server, and SQL Server through the self-service portal.
Enterprise Applications - SAP: Enables the secure, multi-tenant deployment of highly available SAP
landscapes, and automated SAP management and operations.
Enterprise Applications - Oracle: Optimized self-service provisioning of Oracle databases, Oracle database
Day 2 operations, and Oracle database monitoring.
For organizations that require additional enterprise-management and deployment capabilities, the flexibility of the
Enterprise Hybrid Cloud platform enables them to integrate select third-party platforms and tools into their cloud
environments. Some large-scale enterprise customers have used some or all of the following management and
automation tools in their Enterprise Hybrid Cloud solution:
to align workload costs with business value. You can step through the process of adding vCloud Air as a
managed endpoint to vRA in Lab A.4.
In this vLab, applications and services are presented to demonstrate some of the capabilities and features that the
Enterprise Hybrid Cloud solution provides. The service catalog enables role-based customization, so it can be
different for every customer.
Within the scope of this vLab Guide, we are attempting to showcase a variety of applications and services in the
catalog that may go beyond what the default Foundation installation would provide out of the box.
Data Center Virtualization and Cloud Management
The following VMware components are included in an Enterprise Hybrid Cloud Solution:
Note: The lab environment is a fully functional cloud solution, and users are encouraged to explore beyond the
exercises laid out in this lab guide.
vRealize Automation (vRA) enables customized, self-service provisioning and lifecycle management of cloud services
that comply with established business policies. vRA provides a secure portal where authorized administrators,
developers, and business users can request new IT services and manage existing computer resources from
predefined, user-specific menus.
VMware vSphere ESXi is a virtualization platform for building cloud infrastructures. vSphere enables you to run
business-critical applications confidently to meet your most demanding service level agreements (SLAs) at the lowest
total cost of ownership (TCO). vSphere combines this virtualization platform with the award-winning management
capabilities of VMware vCenter Server. This solution gives you operational insight into the virtual environment for
improved availability, performance, and capacity utilization.
VMware vCenter Orchestrator (vCO) is an IT-process-automation engine that helps automate cloud services, and
integrates the vCloud Suite with the rest of your management systems. vCO enables administrators and architects to
develop complex automation tasks within the workflow designer. The vCenter Orchestrator library - pre-built activities,
workflows, and plug-ins - helps accelerate the customization of vRA's standard capabilities.
VMware NSX is the next generation of software-defined network virtualization, offering additional functionality and
improved performance over traditional network and security devices. This additional functionality includes distributed
logical routing, distributed firewalling, logical load balancing, and support for routing protocols such as Border
Gateway Protocol (BGP), Intermediate System-to-Intermediate System (IS-IS), and Open Shortest Path First (OSPF).
Where workloads on different subnets share the same host, the distributed logical router optimizes traffic flows by
routing locally. This enables substantial performance improvements in throughput, with distributed logical routing and
firewalling providing line-rate performance distributed across multiple hosts, instead of being limited to a single
virtual machine or physical host. NSX also introduces Service Composer, which integrates with third-party security
services.
VMware vRealize Operations (vROps) is the key component of the vRealize Operations Management Suite. It provides
a simplified approach to operations management of vSphere, physical, and cloud infrastructures. Using patented,
self-learning analytics and an open, extensible platform, vROps provides operational dashboards that enable you to
gain deep insights and visibility into the health, risk, and efficiency of your infrastructure, performance management,
and capacity optimization capabilities.
vROps is extensible, and allows for the inclusion of "solution packs" that enable EMC to include data collection and
analysis of data from VMAX and VNX storage arrays.
VMware vRealize Business Standard (vRB) provides transparency and control over the cost and quality of IT services.
By providing a business context to the services that IT offers, vRB helps IT organizations shift from a technology
orientation to a service-broker organization, delivering a portfolio of IT services that align with the needs of business
stakeholders.
VMware vRealize Log Insight delivers automated log management through log aggregation, analytics, and search
capabilities. With an integrated cloud operations-management approach, it provides the operational intelligence and
enterprise-wide visibility needed to proactively enable service level compliance and operational efficiency in dynamic
cloud environments.
The Enterprise Hybrid Cloud enables IT organizations to broker public cloud services, and has been validated with
VMware vCloud Air as a public-cloud option that can be accessed directly from the solution's self-service portal by
administrators and users. End users can provision virtual machines, while IT administrators can perform virtual
machine migration (offline) from the on-premises component of their hybrid cloud to vCloud Air using VMware vCloud
Connector.
Storage and Storage Virtualization Components
The EMC storage and storage virtualization components of the Enterprise Hybrid Cloud Solution include:
EMC ViPR
EMC ViPR is a lightweight, software-only solution that transforms existing storage into a simple, extensible, and open
platform. ViPR extends current storage investments to meet new cloud-scale workloads, and enables simple data and
application migration out of public clouds and back under the control of IT (or vice versa). ViPR gives IT departments
the ability to deliver on-premises, fully automated storage services at price points that are at or below those of public
cloud providers.
EMC ViPR SRM provides comprehensive monitoring, reporting, and analysis for heterogeneous block, file, and
virtualized storage environments. It enables you to visualize application-to-storage dependencies, monitor and
analyze configurations and capacity growth, as well as optimize your environment to improve return on investment.
Workload-optimized storage
The Enterprise Hybrid Cloud solution enables customers to take advantage of the proven benefits of EMC storage in a
cloud-enabled environment. Using EMC ViPR storage services and EMC XtremIO, EMC ScaleIO, EMC VNX, and EMC
VMAX capabilities, this solution provides policy-based, software-defined storage management of EMC block and file
storage.
With a scalable storage architecture that uses the latest flash and tiering technologies, EMC storage arrays enable
customers to satisfy any workload requirements with maximum efficiency and performance, in the most cost-effective
way. With EMC ViPR, the storage configuration is abstracted and presented as a single storage control point, enabling
cloud administrators to access all heterogeneous storage resources within a data center as if they were a single large
array.
Storage administrators maintain control of storage resources and policies while enabling the cloud administrator to
automatically provision to the cloud infrastructure.
EMC VNX and EMC Symmetrix VMAX (VNX only in this lab environment)
EMC VNX and EMC Symmetrix VMAX are powerful, trusted, and smart storage array platforms that provide the highest
level of performance, availability, and intelligence in on-premises cloud environments. EMC VNX and VMAX storage
systems offer a broad array of functionality and tools, such as Fully Automated Storage Tiering for Virtual Pools (FAST
VP), which enable multiple storage service levels to support ViPR-driven storage-as-a-service offerings in RainPole's
hybrid-cloud environment.
EMC FAST VP for VNX optimizes array performance across all drive types in the array to improve system performance
while reducing cost. FAST VP technology dynamically allocates workloads based on the configured service level, and
nondisruptively moves workloads across storage types to optimize overall system performance.
EMC XtremIO
EMC XtremIO is an all-flash scale-out enterprise storage array that provides substantial improvements to I/O
performance. Purpose-built to leverage flash media, XtremIO delivers new levels of real-world performance,
administrative ease, and advanced data services for applications.
EMC ScaleIO
EMC ScaleIO is a software-only server-based storage area network (SAN) that converges storage and compute
resources to form a single-layer, enterprise-grade storage product. ScaleIO storage is elastic and delivers linearly
scalable performance. Its scale-out server SAN architecture can grow from a few to thousands of servers.
EMC Isilon
EMC Isilon is a scale-out network-attached storage (NAS) platform that provides a powerful, simple, and
efficient way to consolidate and manage enterprise data and applications. Its OneFS Operating System intelligently
combines file system, volume manager, and data protection across all nodes within a cluster.
EMC RecoverPoint
EMC RecoverPoint is an advanced data protection, replication, and disaster recovery solution designed with the
performance, reliability, and flexibility required for enterprise applications in heterogeneous storage and server
environments. It provides local replication and bidirectional remote replication for physical, virtual, and cloud
environments.
EMC VPLEX
The EMC VPLEX family removes physical barriers within, across, and between data centers. VPLEX Local provides
simplified management and nondisruptive data mobility for heterogeneous arrays. VPLEX Metro and VPLEX Geo
provide data access and mobility between two VPLEX clusters within synchronous and asynchronous distances
respectively. With a unique scale-out architecture, VPLEX advanced data caching and distributed cache coherency
provide:
Workload resiliency
Automated sharing, balancing, and failover of storage domains
Local and remote data access with predictable service levels
Enterprise Hybrid Cloud Data-Protection Components
EMC Avamar Backup and Recovery
EMC Avamar backup and recovery is a fast, efficient system that is provided through a complete software and
hardware solution. Equipped with integrated, variable-length deduplication technology, Avamar backup and recovery
software provides integrated-source and global data deduplication, which facilitates fast, daily full backups for cloud
environments.
With EMC Data Protection Advisor (DPA), you can automate and centralize the collection and analysis of all data across
backup applications, replication technologies, the virtual environment, and supporting infrastructure. This provides a
single, comprehensive view of your data-protection environment and activities. In addition, when integrated with vCO
workflows, DPA can be used to provide on-demand reporting of backup statistics and status.
For additional data-protection support, although it is not included in this hybrid-cloud solution, consider using EMC
Data Domain as the target repository for Avamar backups instead of an Avamar server. Data Domain storage systems
deduplicate data in-line, so that it lands on disk already deduplicated, requiring less disk space than the original
dataset. With the Data Domain system, you can retain backup and archive data onsite longer, to enable quick and
reliable data recovery from disk.
EMC and VMware Integration
The solution takes advantage of the strong integration between EMC technologies and the VMware vRealize Suite. The
solution, developed by EMC and VMware product and services teams, includes EMC scalable storage arrays,
integrated EMC and VMware monitoring, and data protection suites to provide the foundation for enabling cloud
services within the customer environment.
Integration Overview
The Enterprise Hybrid Cloud solution contains many integration points between EMC and VMware products, tying
virtualization to automation to orchestration to network to storage to data protection to management to monitoring.
Storage Services
Though managed by EMC ViPR, both VNX and VMAX support VMware vSphere Storage APIs for Array Integration (VAAI),
which offloads virtual machine operation to the storage array controller to optimize server performance.
Both platforms also support VMware vSphere Storage APIs for Storage Awareness (VASA), which enables vCenter to
collect and report the storage capabilities of ViPR-provisioned datastores. Administrators use VASA to make intelligent
placement decisions, as well as to automate workload placement where appropriate using virtual machine and
datastore service-level storage policies.
All VMware vSphere ESXi servers in the solution run EMC PowerPath/VE for automatic path management and I/O load
balancing in the SAN. EMC PowerPath/VE automates failover and recovery, and optimizes load balancing of data paths
in virtual environments to ensure availability, performance, and the ability to scale out mission-critical applications.
The EMC ViPR Storage Provider plays a key role in this solution in identifying the capabilities of the storage presented
to ESXi servers managed by vCenter. A VASA-integrated storage profile is created in vCenter for each class, or tier, of
storage presented to the ESXi host by ViPR. These storage profiles are used by ITBM to classify and charge for each tier
of storage presented and consumed in vCAC.
Orchestration
The ViPR plug-in for vCenter Orchestrator provides an orchestration interface to the EMC ViPR software platform. It
includes pre-packaged workflows, used through the vCO client and other clients that support vCO integration. The
prepackaged workflows contain sets for common ViPR operations and sets of building block workflows intended for
detailed ViPR operations, such as Virtual Machine File System (VMFS) or Network File System (NFS) datastore
provisioning.
The EMC ViPR plug-in is installed in the vCenter Orchestrator configuration interface.
Powered by vRealize Operations Management, the EMC Storage Analytics adapter provides a powerful management
tool for VMware and storage administrators to access real-time intelligent analytics for the individual VNX, VMAX,
VPLEX, and XtremIO platforms. Administrators can get detailed statistics through preconfigured, customizable
dashboards, heat maps, and alerts and access topology mappings in a VMware environment.
EMC also provides storage and data protection content packs for use with VMware vRealize Log Insight. Content packs
for VNX and VMAX provide dashboards and user-defined fields specifically for those EMC products that enable
administrators to conduct problem analysis.
Metering
EMC ViPR Storage Provider plays a key role in this solution in identifying the capabilities of the storage presented to
ESXi servers managed by vCenter. A storage profile is created in vCenter for each class, or tier, of storage presented by
ViPR. These storage profiles are used by VMware vRealize Business to classify and charge for each tier of storage
presented and consumed in vRealize Automation.
Data Protection
Using the vRealize Automation application program interface (API) and extensibility toolkits, this solution implements
custom functionality to provide Avamar-based, image-level backup services for applications and file systems within a
single organization or multiorganization hybrid cloud environment.
With this solution, enterprise administrators can offer IaaS with EMC backup to end users who want a flexible, on-
demand, automated backup infrastructure without having to purchase, configure, or maintain it.
Data protection capabilities for the solution are covered in further detail in the Enterprise Hybrid Cloud Data-Protection
Components section of the Guide. These components and features are integrated with vRealize, vCenter, vCenter
Orchestrator, and other VMware components through the following mechanisms:
EMC's Storage Replication Adapters (SRAs) ensure tight integration between vCenter Site Recovery Manager and the
RecoverPoint and ViPR products. The SRAs automate the replication and data-sync operations for coordinated disaster
recovery failover and planned-migration operations.
The EMC RecoverPoint Storage Replication Adapter for VMware vCenter Site Recovery Manager enables Site Recovery
Manager to implement disaster recovery using RecoverPoint. The RecoverPoint SRA supports Site Recovery Manager
functions, such as failing over, failing back, and failover testing, using RecoverPoint as the replication engine.
The EMC ViPR Storage Replication Adapter for VMware vCenter Site Recovery Manager provides the same functionality
for protected storage provisioned using EMC ViPR.
With vCO, cloud administrators can use the data-protection workflows created by EMC to automate Avamar and Data
Domain protection of virtual machines. These workflows are added to the vRA virtual-machine provisioning blueprints
so that users can easily set up protection at provisioning time. In addition, workflows can be used to enable simple
restore of the last good backup for a specific virtual machine.
Administrators can also use workflows that carry out the complete protection policy setup on Avamar and vCenter
systems, to facilitate quick and easy deployment of the infrastructure needed to support all of the end-user protection
needs.
Additional data-protection components for the Enterprise Hybrid Cloud are described in the next section.
The Enterprise Hybrid Cloud solution stack also includes storage and data protection content packs for use with
VMware vCenter Log Insight. EMC content packs for Avamar, VNX, and VMAX provide dashboards and user-defined
fields specifically for those EMC products that enable administrators to successfully analyze and resolve cloud
infrastructure issues.
Modular Add-On Components
Using the vRealize Automation application program interface (API) and extensibility toolkits, this solution implements
custom functionality to provide Avamar-based, image-level backup services for applications and file systems within a
single organization or multiorganization hybrid cloud environment.
With this solution, enterprise administrators can offer IaaS with EMC backup to end users who want a flexible, on-
demand, automated backup infrastructure without having to purchase, configure, or maintain it.
Application Services
The Enterprise Hybrid Cloud uses VMware vRealize Application Services to optimize application deployment and
release management through logical application blueprints in vRealize Automation. A drag-and-drop user interface
lets you quickly and easily deploy blueprints for applications and databases such as Microsoft Exchange, Microsoft
SQL Server, Microsoft SharePoint, Oracle, SAP, and Cloud Foundry.
This Enterprise Hybrid Cloud solution enables IT organizations to broker public cloud services. This solution has been
validated with VMware vCloud Air as a public cloud option that can be accessed directly from the solution's self-
service portal by administrators and users. End users can provision virtual machines while IT administrators can
perform virtual machine migration (offline) from the on-premises component of their hybrid cloud to vCloud Air using
VMware vCloud Connector.
Lab Overview
Lab Environment
The environment for this vLab includes the following:
4 x VMware ESXi host servers: two hosts for cloud infrastructure virtual machines, and two hosts for the collective
business groups' various resource pools
1 x VMware vRealize Automation Application Services virtual appliance
Additional Management Infrastructure
You will access the environment and perform all tasks from the Launchpad server. Specific connection instructions
and login credentials will be provided for each component within the body of this Guide as necessary.
Note: Lab Performance
This vLab attempts to create a functional Enterprise Hybrid Cloud solution stack in the smallest footprint possible.
You'll find that the solution's component virtual machines, hosts, and management appliances have all been
minimized beyond the normal sizing guidance for an Enterprise Hybrid Cloud environment.
This lab environment uses a VNX Virtual Storage Appliance (VSA) and virtual Avamar appliance, rather than physical
storage and backup hardware. The performance of these virtual appliances may be significantly slower than on
physical equipment. As a result, you may find that some tasks run longer in the lab environment using the VSAs than
you would see on real storage and virtualization hardware.
Lab Credentials
Within the scope of the lab guide, you will log in to three management consoles: vRealize Automation, vCenter Server,
and vRealize Operations Manager.
Due to the multi-persona nature of this vLab, you will use several sets of credentials to connect to vRA.
vRealize Automation
Developer Credentials
vRealize Orchestrator
vCenter Server
You will log in to vCenter in Lab A.2 using your Windows user ID.
User name: vlab\administrator
Password: Password123!
In Lab C.2, you'll use the following credentials to log in to vCenter and review its NSX security policies:
Additional credentials
The above list includes all the login credentials you will need to complete the steps outlined in the lab guide. If you
need to access any of the component-level systems that make up the Enterprise Hybrid Cloud solution - e.g.: the
domain controller; the Mail server; Log Insight, vRealize Operations, etc. - additional credentials and systems
connectivity information have been included in the lab's Collateral page as a separate download.
Lab Scenario
This vLab demo has been arranged to support several personas that represent normal users of an Enterprise Hybrid
Cloud. The use of the personas is meant to help guide vLab participants toward the parts of the solution that are the
most relevant to their users and their use cases.
Lab Roles
The personas that have been created for this lab are:
Cloud Administrator
This user represents the team that manages and monitors the on and off-prem cloud infrastructure to ensure that the
hybrid cloud is meeting the demands of the cloud users. In addition to having responsibility for the more traditional
aspects of a virtualized environment (capacity, performance, data protection, etc.), this team ensures that members of
RainPole's various business and IT groups are able to create, manage, and monitor their own cloud-enabled
workloads.
The cloud administrator doesn't have to be a storage, server, or virtualization administrator. Most of the work is
performed in the self-service portal or the associated hybrid cloud management portals.
Business Analyst
This user focuses on the applications that make the business run, and acts as an intermediary between the business
and IT. The business analyst engages directly with the end-users and the lines of business to satisfy the IT
requirements of business initiatives and programs.
Translating the requirements of a new application into the blueprints and templates available from the self-
service portal
Working directly with the Cloud Administrators and Business Group Administrators to proactively create new
services and offerings to place into the self-service portal
Helps to manage existing applications in the cloud by supporting upgrades, ensuring performance, and end
user functionality
Developer
The developer is a very broad term for a user who is using the agile and on-demand attributes of the hybrid cloud to
quickly create new development and test environments, and to work with the business analysts to provision QA and
production environments as applications move through their lifecycle. The developer persona is all about reducing
the time to value, and benefits from a quick turnaround of IT resources all in an effort to focus on their development
activities.
Functionality provided by the hybrid cloud solution for developers that they would tend to focus on includes
The Cloud Administrator manages the infrastructure of the environment. In this role, the cloud administrator ensures
that resources are being consumed and distributed properly, and that enough resources are available to support the
cloud users and their requirements.
Provisioning and entitling cloud resources, such as compute, storage, and data protection
Managing cloud infrastructure in enterprise environments - adding and managing sites, applying enterprise-
class best practices to management and monitoring, working in conjunction with security teams to ensure
compliance with corporate data protection standards
Creating new cloud services, such as data-protection policies, blueprints, and applications, for end-user
consumption
Approving cloud resource requests
The Business Analyst creates new virtual environments for the end users and lines of business. This includes
requesting new backup policies as they are needed by the business, provisioning resources, and also performing
administrative tasks as needed on the existing applications.
Provisioning and managing VMs using the self-service portal
Self-service data protection (backup and restore operations, snapshot instantiation and management)
Expanding existing virtual machine resources
Deleting or expiring no-longer-needed VMs
The Developer in this vLab will be used as a test account. The Cloud Administrator will create a new IaaS blueprint and
approval policy, which will then be enabled for Developer access. The Developer account will request a new VM based
on this blueprint, which will in turn trigger an approval request for the Cloud Administrator to review and approve.
Requesting, configuring, and maintaining simple and complex Application environments, ranging in size from
one to many application/service tiers per Application instance.
Provisioning new development and test virtual machines on a regular basis to meet customer and business
initiatives.
Labs
This Enterprise Hybrid Cloud lab is organized into three distinct Sections, each of which is further divided into between
two and four Labs, each of which is intended to provide a technical overview of a distinct cloud solution component,
service, or use case.
1. Section A Labs are targeted toward the operational scope of a cloud-infrastructure administrator.
2. Section B Labs, while performed by the Cloud Administrator in this vLab, might in reality be delegated to
specific service administrators and architects, as these Labs focus on creating and publishing new services to
Enterprise Hybrid Cloud environments.
3. Section C Labs show how some of these cloud services can be experienced and consumed by cloud
customers.
This section of the Enterprise Hybrid Cloud v3.5 lab focuses on cloud administrative tasks, such as provisioning and
adding cloud infrastructure resources, creating and entitling cloud infrastructure resource pools, and managing
infrastructure sites and components.
In order to show some of the advanced features that an Enterprise Hybrid Cloud offers, but which are not supported in
a vLab environment, this section includes two labs that leverage the Cloud Experience Center's interactive demo
capabilities to show you a full simulation of additional use cases: adding a vCloud Air virtual data center to vRealize
Automation as a managed endpoint; and managing your VCE converged infrastructure from the vRealize Automation
self-service portal using VCE integrated workflows.
In this section, as the Cloud Administrator, you'll perform the following labs:
This Lab will show how a Cloud Administrator can leverage the integration of EMC ViPR and VMware vRealize
Automation to rapidly and easily deploy new storage, and then provision it into cloud resource pools for consumption
by business groups.
In this Lab, as the Cloud Administrator, you will use the vRealize Automation self-service portal to add more capacity
to an existing storage tier in the cloud environment. You will then assign that new storage to two different business
groups, thereby enabling them to provision new cloud workloads and VMs using that storage.
Lab A.2 - Import a Pre-Existing VM into Cloud Environment (Cloud Administrator)
After deploying an Enterprise Hybrid Cloud solution, organizations sometimes find it necessary to expand the scope of
cloud-managed resources to include elements, components, services, and workloads that were created outside the
cloud environment. Importing pre-existing resources can enable cloud administrators to provide continuity of service -
i.e. maintain existing services and support critical business processes - while bringing those applications and
resources into the Enterprise Hybrid Cloud's centrally-managed, user-enabled services catalog.
In this Lab, in the role of the Cloud Administrator, you will import a pre-existing virtual machine into vRealize
Automation and assign the Developer user as the new owner.
With an Enterprise Hybrid Cloud, you can manage resources and workloads across multiple sites - both public and
private cloud infrastructure - from within the same vRealize Automation self-service portal.
In this Lab, you will use the Cloud Experience Center to see how to connect your Enterprise Hybrid Cloud to a vCloud
Air site, and how to configure your environment with a new reservation and vCloud Air-based blueprint. Finally, you'll
deploy a new VM to your vCloud Air data center from the vRealize Automation self-service portal.
In this section of the Enterprise Hybrid Cloud v3.5 lab, we've compiled a series of use cases and demos that show how
a cloud administrator, backup administrator, or application architect would create an initial set of cloud services, or
expand an existing service catalog with new applications and workloads to meet evolving business needs.
To show some of the advanced features that an Enterprise Hybrid Cloud offers, but which are not supported in a vLab
environment, this section includes one lab that leverages the Cloud Experience Center's interactive demo capabilities.
In Lab B.3, you'll see a full simulation of how to integrate a VM blueprint with a ServiceNow CMDB management
platform to integrate self-service VM provisioning with an enterprise management system.
In this section, as the Cloud Administrator, you'll perform the following labs:
Lab B.1 - Creating a New Infrastructure-as-a-Service Blueprint (Cloud Administrator)
This Lab will walk you through the process of creating, configuring, and publishing a new VM-provisioning blueprint to
the catalog. You'll also see how catalog items are enabled for access by specific cloud customers. You will then create
an approval policy and attach it to the catalog item to require Cloud Administrator approval for users wishing to use
the blueprint for new VMs. Finally, you'll test the blueprint and approval policy by requesting a new VM as the
Developer user.
As the Cloud Administrator, you can create multiple backup service levels for your cloud environment, based on your
organization's requirements for backup scheduling, data retention, and archiving. These service levels are presented
to your customers during the VM request process, and are supported behind the scenes by EMC Avamar and
(optionally) Data Domain. Backups are automatic according to the configured schedule, or can be initiated manually if
necessary.
In this Lab, as the Cloud Administrator, you will create and verify a new backup service level.
While the self-service capabilities and business agility offered by an Enterprise Hybrid Cloud means rapid delivery of
new VMs and application stacks to cloud customers, it can present new challenges to IT administrators and staff
focused on IT configuration and service management. CMDB management often assumes that items in its inventory
are fairly static in lifecycle, so CMDB records are often updated by manual processes. In dynamic environments (e.g.
an Enterprise Hybrid Cloud platform) where workloads are rapidly spun up and then retired, a CMDB can quickly go
stale, jeopardizing IT service levels and diminishing its value.
In this Lab, you'll see how the Enterprise Hybrid Cloud's self-service and automated VM-deployment capabilities can
be configured to work seamlessly with a ServiceNow CMDB environment. To demonstrate this third-party integration
feature of an Enterprise Hybrid Cloud, you'll use the Cloud Experience Center to experience the process.
Section C - Deploying and Accessing Cloud-Based Services
This section of the Enterprise Hybrid Cloud vLab shows some of the ways in which a cloud consumer could deploy,
access, and use cloud-based services from the vRealize Automation self-service portal. Through service blueprints and
automation, cloud and application administrators can enable the deployment of both large-scale applications and
niche workloads within a hybrid-cloud environment.
In order to show some of the advanced features that an Enterprise Hybrid Cloud offers, but which are not supported in
a vLab environment, this section includes one lab that leverages the Cloud Experience Center's interactive demo
capabilities to show you a full simulation of VM data encryption using CloudLink SecureVM.
In this section you'll connect to vRealize Automation as an end user for the following tasks:
In this Lab, you will log in to vRealize Automation using the Business Analyst account, and request a new virtual
machine from the business analyst's self-service portal.
Once the VM has been deployed, you will then review the VM's data-protection options, first by capturing a snapshot
of the VM, and then running on-demand backup and restore operations.
Next, while still logged on to vRA as the Business Analyst, you will change the VM's hardware allocation by adding
CPU, memory, and disk resources to the VM.
Finally, using the Business Analyst's vRA self-service portal, you will destroy the VM.
In this Lab you will log into vRealize Automation as the Developer, and deploy a series of web servers and a multi-tier
application that use VMware NSX for application security and automated network load balancing. You'll validate both
application security and application functionality to see how NSX enables both.
In the final Exercise, you'll use the self-service portal to add new web servers to the multi-tier application, and verify
NSX-based network load balancing.
Lab C.3 - Deploy a Puppet VM
In this Lab, you'll log on to vRealize Automation as the Developer user, and use an IaaS blueprint that leverages
Puppet and vCenter Orchestrator to provision a virtual machine with Tomcat web services automatically installed as
part of the deployment process. Then, you will verify application functionality by connecting to the new VM via web
browser.
In this Lab, you'll use the Cloud Experience Center to provision a Windows 2012 Server virtual machine that leverages
a CloudLink security policy. You'll assign an encryption setting during the deployment process to secure the VM's
System and Data volumes, and then monitor the deployment process to completion and validate the VM's security
status.
You'll then add a new volume to the Windows VM and watch CloudLink automatically discover and encrypt the new
volume.
These labs are designed to be performed independently of one another. You can complete the labs in any order,
though the Exercises within each Lab should be completed in sequence. It is also recommended that when you begin
a Lab, you complete all of the Exercises within the Lab.
Lab Timing
This is a very large lab with a wide variety of use cases demonstrated. While about half of all modules in this Guide are
performed as the Cloud Administrator, there is also a significant amount of time spent in the role of various cloud-
services consumers.
Completing the entire Enterprise Hybrid Cloud v.3.5 vLab can take anywhere from two-and-a-half to four hours from
start to finish. If you wish to complete the entire lab from start to finish, you may need to complete the lab over several
visits of 60-90 minutes each due to the limited lease duration of a lab session. There are no cross-lab dependencies -
each Lab can be performed individually without precursor - so you can begin a new session at another time without
having to repeat any prior work.
These times are repeated at the beginning of each Lab to help you prioritize your time as you work through the Guide.
In addition to the Sections listed above, which can be completed individually during the course of a 60-90 minute lab
session, the following suggested lab tracks may offer a more optimal experience, depending on your objective in
completing the Enterprise Hybrid Cloud lab.
If you've completed an earlier version of the Enterprise Hybrid Cloud lab and are looking for new content associated
with this release, please complete the following labs:
1. Lab A.3 - Add a vCloud Air Site to vRealize Automation (based on an interactive demo environment)
2. Lab B.3 - Integrated CMDB Management with ServiceNow (based on an interactive demo environment)
3. Lab C.2 - Deploy Applications and Services with VMware NSX
4. Lab C.3 - Deploy a Puppet VM
5. Lab C.4 - Protecting Data Using CloudLink SecureVM (based on an interactive demo environment)
If you're looking for a deeper dive into Enterprise Hybrid Cloud use cases, the following labs offer a high-value hands-
on overview:
1. Lab A.3 - Add a vCloud Air Site to vRealize Automation (based on an interactive demo environment)
2. Lab B.1 - Create a New IaaS Service Blueprint and Approval Policy
3. Lab C.2 - Deploy Applications and Services with VMware NSX
4. Lab C.3 - Deploy a Puppet VM
Standalone labs
If time is limited, consider completing only one or two high-value or high-interest labs. There are no interdependencies
from one lab to the next, so you can complete any or all labs, and in any order.
Lab A.1 - Storage Provisioning with EMC ViPR (15-20 minutes)
Exercise A.1.1 - Introduction to Cloud Management and Services
In this Lab, as the Cloud Administrator, you will use the vRealize Automation self-service portal to add more capacity
to an existing storage tier in the cloud environment. You will then assign that new storage to two different business
groups, thereby enabling them to provision new cloud workloads and VMs using that storage.
Management and customer services in the Enterprise Hybrid Cloud are created, provisioned, and consumed in
vRealize Automation, which is accessed via web browser.
In this first exercise, you will launch Firefox and log in to vRA as the Cloud Administrator.
From the desktop, double-click the Mozilla Firefox icon to open the web browser. For optimal viewing, maximize the
browser to fill your desktop.
Log in to the vRealize Automation management portal
The browser's default home page should be set to the VMware vRealize Automation login portal.
NOTE: If the vRA portal does not load automatically, click the vRA button in the Firefox bookmarks bar, or enter the
following in the address window:
https://vra.vlab.local/vcac/org/rp/
In vRealize Automation, services, management tasks, and status are all accessed via the Self-Service Portal, which will
display once your login has completed.
The tabbed row across the top of the portal enables navigation through the services and functions offered by vRA.
The Cloud Administrator's home page has been configured in this lab to provide an at-a-glance look at the Cloud
Administrator's Inbox, servers and services that the Cloud Administrator owns, new and noteworthy services, recent
and upcoming events, and recent Cloud Administrator requests.
The Home page is individually customizable - each user can select the widgets to display and the layout they prefer.
Service Catalog page
The Catalog page is where services and VMs can be requested. The Catalog view is also user-aware, so users only see
the cloud services for which they have been specifically entitled.
Items page
The Items page shows cloud VMs and applications that you (in this case, the Cloud Administrator) own. Each user will
see a different list of items: The Cloud Administrator user, whose responsibilities focus primarily on infrastructure and
service management, does not have any pre-provisioned VMs in this environment. Later in the Lab, you'll log in as the
Business Analyst user and / or the Developer user, and you'll see that each has one or more VMs that they own.
Requests page
The Requests page lists all requests, both current and past, which have been submitted by the logged-in user.
Inbox
The Inbox displays any pending actions that you need to take within vRA.
Examples of requests that might require approval include creating large VMs, enabling new services, or deleting
certain types of virtual machines. You'll work with Approval Policies in Lab B.1.
In addition to Approval notifications, the Cloud Administrator's Inbox also has categories that might contain assigned
tasks and reclamation requests.
Advanced Services
Advanced Services let you manage and configure advanced-service offerings, such as customized workflows, services,
and actions.
This tab is accessible only to cloud users with sufficiently elevated administrative rights.
Administration
The Administration page is where most cloud-management tasks, configuration settings, and external data-center/
resource connections are performed and configured.
This tab is also accessible only to cloud users with sufficiently elevated administrative rights. You'll work with some of
the available configuration settings and items on this tab in Lab B.1.
Infrastructure
The Infrastructure page is where cloud resources (as opposed to services) are managed. Resources include hosts,
storage, blueprints, and managed endpoints such as remote and disaster recovery sites, and public cloud providers.
This tab is also accessible only to cloud users with sufficiently elevated administrative rights. You'll work with some of
the available configuration settings and items on this tab in Labs A.1, A.2, A.3, B.1, and B.3.
Business Management
The Business Management tab provides access to the vRealize Business (vRB) financial oversight and management
tool.
This tab is only presented to users who are granted access to vRB data.
Services and resources that have been made available for user request are presented as tiles, each of which can be
requested by clicking the individual tile's Request button.
The default view shows all available catalog items for which the user has been entitled (the All Services view). Each
catalog item has also been grouped with other similar items into one of several Services, which are shown in the
navigation column on the left side.
Step 4 - Filter by Service
View available Virtual Servers catalog items
In the right-hand window, you'll see a series of tiles showing available virtual servers to request from the catalog.
You'll see multiple tile types, showing different VM blueprints for each type. In this view, each tile is repeated three
times, but the business group in each repeat is different - DevOps, IT Operations, and EHC Operations.
In subsequent Labs, you'll log in to vRealize Automation as a Business Analyst (a member of the EHCOperations
business group) and as a Developer (a member of the DevOps business group). You'll see different catalog views
associated with each user account.
Step 5 - Cloud Management by service
Click the Data Protection Services menu bar in the navigation widget.
Data Protection Services
In addition to requesting new virtual machines, the Enterprise Hybrid Cloud with vRealize Automation has also been
configured to enable certain cloud-management services as catalog items.
You'll see a series of data-protection creation and management catalog items in this view.
Catalog item entitlements
You'll also notice that all tiles are entitled to the IT Operations group, of which only the Cloud Administrator is a
member, rather than the different groups you saw in Step 3. If you were to log in as either the Business Analyst or the
Developer, you would not see the Data Protection Services menu item at all.
Entitlements (enabling access to cloud resources and/or services) are covered in more detail in Lab B.1.
Resource-management services
In addition to integrating automatic data-protection creation and management services, the Enterprise Hybrid Cloud
also includes the ability to create new cloud storage resources through the service catalog. In Exercise A.1.2, you'll
leverage this service to provision a new datastore for cloud customer use.
Exercise A.1.2 - Provision New Cloud Storage
In this exercise, you will use the self-service portal in your role as the Cloud Administrator to add more space to the
RainPole Enterprise Hybrid Cloud environment's VNX-SAS storage pool.
You will then make that new storage available for tenant (DevOps and IT Operations) VMs in the Enterprise Hybrid
Cloud environment.
NOTE: This Exercise assumes that you've logged in to the vRealize Automation self-service portal as the Cloud
Administrator. If not, instructions for logging in to vRA are provided in Exercise A.1.1. In an actual Enterprise Hybrid
Cloud environment, tasks such as this can be delegated/assigned to a storage administrator user for completion to
streamline cloud security and operations. In this vLab, you're performing this task as the Cloud Administrator to
minimize the number of required logon operations you'll need to perform.
Step 1 - Open the Cloud Storage service page
To begin this Exercise, click the Storage Management service menu bar in the navigation widget.
NOTE: The Provision Cloud Storage workflow, which integrates EMC ViPR software-defined storage management with
VMware vRealize Orchestrator and vRealize Automation, is included as part of the Enterprise Hybrid Cloud -
Foundation solution.
Once the Provision Cloud Storage service page loads, click the Request button inside the Provision Cloud Storage tile.
Enter a request description
Provide password for storage request
1. On the Authentication page, enter the Cloud Administrator's password - Password123! - to authorize the
storage request.
2. Click Next
Specify the target site
1. On the Provisioning Site tab, click the drop-down button and select vLab
2. Click Next
Select the target vCenter resource cluster
1. On the vCenter Cluster page, click the drop-down button next to the Choose vCenter cluster field, and choose
Tenant
2. Click Next
Select the target storage type
1. Click the drop-down button next to the Choose datastore type menu of the Storage Type page, and select
VMFS
2. Click Next
Select the target storage tier
1. Click the drop-down button next to the Choose a ViPR storage tier field of the Storage Tier page, and select
VNX SAS; available:82GB
2. Click Next
Specify the new datastore size
1. On the Datastore Size page, enter 15 in the Size (GB) field. This will create a 15GB datastore.
2. Click Submit
After a few seconds, you'll see a request confirmation page. Click OK to return to the self-service catalog page.
Step 3 - Monitor the Storage Provisioning Request
When the Requests page loads, you'll see the Provision Cloud Storage operation that you just submitted, with the
request status showing In Progress.
Click the Authentication tab to review the storage pool parameters as provided to ViPR when you submitted the
request.
1. Clicking the tabs across the top of the page will show you the details that you provided including description,
storage location, datastore type, storage tier, and size.
2. When you've finished reviewing the details of the new storage request, click OK to return to the Requests
page.
Refresh the page
Click the Refresh button at the bottom of the page to reload the request status. Repeat until the Provision Cloud
Storage request's status changes to Successful.
Provisioning cloud storage through EMC ViPR and the vRealize Automation service catalog creates a new vSphere
datastore using the size and tier parameters you specified.
A successful completion of this request means that EMC ViPR has created a new LUN on the VNX storage array,
attached it automatically to the cloud infrastructure's underlying vCenter server and vSphere hosts as an iSCSI
datastore, and added it to the pool of available resources in vRA.
In Exercise A.1.3, you will configure the new storage for tenant access, making it available for new cloud workloads.
Exercise A.1.3 - Enable the New Storage for Business Use
In Exercise A.1.2, as the Cloud Administrator, you created 15GB of new VNX SAS storage through the vRealize
Automation self-service portal.
In this Exercise, you'll make that new storage capacity available for tenant access by allocating it to two of your
business groups' resource pools.
NOTE: In an actual Enterprise Hybrid Cloud environment, tasks such as this can be delegated/assigned to a storage
administrator user to streamline cloud security and operations. In this vLab, you're performing this task as the Cloud
Administrator to minimize the number of required logon operations you'll need to perform.
From the Requests tab in the vRA self-service portal, click the Infrastructure tab.
Continue to the Reservations page
From the Infrastructure Recent Events page, click the Reservations bar in the left-hand menu column.
View Business Group Reservations
1. On the Reservations page, hover the mouse over the Production-DevOps01 reservation.
2. When the popout menu appears to the right, click Edit
View the available DevOps business group resources
When the Edit Reservation - vSphere (vCenter) page appears, click the Resources tab.
In the Resources tab, scroll down through the Storage Paths section. There will be a total of 5 storage paths, four of
them pre-staged with the lab environment. The fifth will be the datastore you provisioned in Exercise A.1.2, and will
have a unique name, not corresponding to anything you'll see in the lab graphics. Look for the datastore named
VNXSAS_... with 15GB of physical space.
Enable the new datastore for access
1. The Free capacity column shows 14GB of available space, even though there are no tenants using the storage
yet. This reflects the 1GB of capacity reserved for vSphere datastore management.
2. The This reservation reserved column is blank, indicating that none of this new storage has yet been assigned
to the DevOps business group.
3. To edit this setting, check the empty box in the left-most column of the new datastore's resource row.
1. Set the This reservation reserved value at 9, to make 9GB of VNX SAS storage available to the DevOps
business group.
2. Set the Priority value to 1. This value lets you manage distribution of new VMs across datastores.
3. Save the new setting by clicking on the green check symbol in the left-most column of the new datastore's
resource row.
You have now added 9GB of the 15GB of new space that you provisioned in Exercise A.1.2 to the DevOps business
group's storage reservation.
Confirm reservation changes
Confirm the change by clicking the OK button at the bottom of the Reservations page.
Step 3 - Allocate the remaining new storage to the Production-IT business group
Having closed the Production-DevOps01 group's reservation, you'll be returned to the Infrastructure > Reservations >
Reservations page.
In this step, you'll assign the remaining 5GB of new VNX SAS storage to the Production IT business group.
1. Hover the mouse pointer over the Production-IT reservation line item.
2. When the popout menu appears to the right, click Edit
View the available IT Business Group resources
When the Edit Reservation - vSphere (vCenter) page appears, click the Resources tab.
In the Resources tab, scroll down through the Storage Paths section until you find the same VNXSAS_... datastore that
you edited in Step 2 above.
Enable the storage for Production-IT
To enable the remaining 5GB of this datastore for Production-IT use, click the empty box in the left-most column of the
datastore's resource row.
1. Set the This reservation reserved value at 5, to consume the remainder of the VNX SAS datastore.
2. Set the Priority value to 1
3. Save the new setting by clicking on the green check symbol in the left-most column of the VNXSAS_...
resource row.
You have now assigned the remaining 5GB of the 15GB datastore that you provisioned in Exercise A.1.2 to the
Production-IT business group's storage reservation.
Confirm reservation changes
Confirm the change by clicking the OK button at the bottom of the Reservations page.
Click the Catalog tab to return to the Cloud Administrator's Service Catalog page.
Summary
In this Lab, after logging in to the vRealize Automation Self-Service Portal and stepping through a subset of the
available Catalog services, you used the Provision Cloud Services catalog item to create a new storage LUN, mount it
into vCenter as an iSCSI datastore, and add it to the vRA inventory of available cloud resources, all through a few
clicks.
You then shared the new datastore across two tenant business groups in RainPole's cloud environment: 9GB of
capacity allocated to DevOps, and 5GB to Production-IT. Using this approach, new storage can be divided across
whichever business groups need additional capacity, rather than creating separate datastore clusters and tiers for
each business group, resulting in more efficient use of storage space.
Other Labs in this Guide have additional information about some of the topics and management concepts you were
introduced to in this Lab.
To add a vCloud Air virtual data center to vRealize Automation as a managed endpoint, please complete Lab A.3.
Creating and publishing new Service Catalog items, including managing user access, is demonstrated in Lab B.1.
To see how the Self-Service Portal is customized for user experience and user permissions, complete Lab C.1.
Lab A.2 - Import a Pre-Existing VM into vRealize Automation (10-15 minutes)
Exercise A.2.1 - Locate the Target VM in VMware vCenter
After deploying an Enterprise Hybrid Cloud solution, organizations sometimes find it necessary to expand the scope of
cloud-managed resources to include components, services, and workloads that were created outside the cloud
environment. Importing pre-existing resources can enable cloud administrators to provide continuity of service - i.e., to
maintain existing services and to support critical business processes - while bringing those applications and
resources into the Enterprise Hybrid Cloud's centrally-managed services catalog.
In this Lab, in the role of the Cloud Administrator, you will import a pre-existing virtual machine into vRealize
Automation and assign it to the Developer user as the new owner.
You'll begin in this Exercise by initiating a data-collection operation from within vRA to prepare the environment and
locate the target VM.
NOTE: This Exercise assumes you are still logged in to vRealize Automation as the Cloud Administrator. For
instructions on logging in to vRA as cloud_admin, please refer to Lab A.1, Exercise A.1.1.
Open a new browser tab by clicking the + symbol in the title bar of your Firefox session.
Connect to vCenter
When the new tab loads, click the vSphere Web Client button in the Firefox shortcuts bar.
Enable Adobe Flash plugin
When the login page loads, you may see an alert notifying you that Firefox is blocking Adobe Flash from running. Click
the Allow button to continue.
Click Allow and Remember to prevent the Flash alert from appearing in subsequent login prompts.
Log in to vCenter
Step 2 - Review the host cluster layout
Once the vCenter Web Client Homepage loads, you'll locate the pre-existing VM.
In the Navigation pane on the left side of the window, click the Hosts and Clusters link.
You'll see there are two host clusters in this solution environment:
1. MGMT, which contains two hosts, esx01 and esx02, used for cloud-management virtual machines. You'll also
see a third host, used for virtual storage in the vLab environment.
2. Tenant, which contains two additional hosts and the cloud tenant VMs.
NOTE: Depending on underlying conditions in your environment, you may see one or more vSphere hosts showing
alarms. This is likely due to the reduced resource availability of the vLab environment rather than a current problem
with any host. If, however, a host is showing offline, then please open a support ticket for your session on the vLab
portal.
1. Three vApps: one for VM Templates, and the other two corresponding to the tenant resource pools within the
cloud environment.
2. Virtual machine VM1, currently unmanaged and outside the current cloud resource allocation.
Step 3 - Review the VMs and Templates layout
Click the VMs and Templates tab at the top of the Navigation Pane.
When the VMs and Templates view loads, you'll see a series of folders, showing the organization of management VMs,
tenant VMs, and templates.
VM folders named Daily... and Weekly... correspond to backup policies created by vRA and Avamar.
Within the Management folder, you'll see the component VMs for managing cloud services, such as the EMC Data
Protection Advisor (DPA), NSX, and vROps virtual machines.
Identify the target VM for import
At the bottom of the list are VMs that are hosted in the vLab datacenter, but which are not otherwise managed within
the cloud environment.
Step 5 - Review VM details
When the VM's Summary page loads, expand the VM Hardware pane to see the VM's resource allocation.
Review allocated hardware
In the expanded VM Hardware page, note the VM's operating system and resource footprint.
Log out of vSphere Web Client
When you've finished browsing the VM and folder organization, log out of the vSphere Web Client session by clicking
the drop-down symbol next to the Administrator@vlab.local session link in the upper-right corner of the page, and
then selecting Logout from the drop-down menu.
Close the vSphere Web Client tab and switch back to the Self-Service Portal.
Step 6 - Log in as Developer user
In the remainder of this Exercise, you'll review the current inventory of VMs owned by the Developer prior to importing
VM1 into vRealize Automation.
1. Click the menu button in the upper-right corner of the browser window.
2. Click the New Private Window button in the pop-out menu.
This will enable you to log in simultaneously as the Developer without having to log out as the Cloud Administrator.
Connect to vRealize Automation
When the new, private browser window opens, click the vRA shortcut button in the browser's Bookmarks toolbar.
When you've logged in successfully, click the Items tab at the top of the self-service portal.
NOTE: The current inventory of VMs owned by the DevOps user may differ from the items shown in this Guide.
After you've completed Exercise A.2.2, you'll come back to this page to see the difference.
Exercise A.2.2 - Import the Target VM into vRealize Automation
In this Exercise, while logged in as the Cloud Administrator, you will use the vRealize Automation Infrastructure
Organizer tool to add the VM1 server from Exercise A.2.1 to the managed inventory of tenant VMs.
From the DevOps user's private Firefox window, switch back to the primary Firefox session.
From the cloud administrator's vRA session, click the Infrastructure tab.
If you're completing the Lab exercises in sequence, you'll see the Reservations page from Lab A.1 when the
Infrastructure page loads. If not, skip this step.
Click the Back to Infrastructure menu bar at the top of the navigation widget on the left side of the page.
Continue to the Infrastructure Organizer
When the Infrastructure page loads, click the Infrastructure Organizer menu item in the navigation widget.
Open the Infrastructure Organizer
VM import into vRealize Automation can be performed on individual VMs or small groups of VMs, or on VMs in bulk
using a .csv file. In this Exercise, you'll import a single VM.
To continue, click the Infrastructure Organizer menu item in the left-hand column, again.
Step 2 - Identify the target VM
When the Infrastructure Organizer page loads, you'll see an overview explanation of the wizard.
In addition to importing VMs, the Infrastructure Organizer can also be used for importing resources, such as compute
and storage, into the cloud infrastructure.
To begin the process of locating and importing the target VM, click Next.
Select the target resource pool
In this first page, you'll choose the compute resource hosting the VM.
In this instance, the VM1 virtual machine is hosted on the Tenant resource pool, which corresponds to the Tenant host
cluster you found on the cloud environment's VC01 host cluster.
Configure Compute Resources
On the next page, confirm that the Tenant resource cluster is the only one that appears on the list, and click Next.
NOTE: If the Infrastructure Organizer wizard resets to the start page and you're unable to list the available resources,
log out of Firefox and log back in as the Cloud Administrator, using the instructions provided in the first Exercise of Lab
A.1, then return to the Infrastructure > Infrastructure Organizer wizard.
Step 3 - Configure the target VM
The Choose Machines page loads, showing the available (unmanaged) VMs that were found on the Tenant
cluster. Locate the VM1 virtual machine in the list, and click the pencil icon in the left column of the row.
NOTE: The 'Pin' feature lets you edit multiple elements simultaneously. To do so, simply pin all the items you want to
configure and then edit one of the selections. The changes you make are then applied to all pinned selections.
Choose a business group
Configure the VM
When the Configure Machines page loads, click the pencil icon to the left of the form.
1. Click the Blueprint drop-down button and choose RHEL6 (corresponding to the RHEL operating system you
saw on VM1 in vCenter in Exercise A.2.1).
2. Click the Reservation drop-down button and choose Production-DevOps01
3. Click the Owner drop-down button and choose devops_user@vlab.local
Save changes and continue
1. Click the green circle button at the left end of the row to save the configuration changes.
2. Click Next
NOTE: The Grow Allocations setting, if selected, increases the memory and storage allocated to the target reservation
by the exact amount consumed by the imported machine(s). Increase Quota raises the machine quota on the target
reservation by the number of VMs being imported.
Acknowledge registration
Click OK to acknowledge completion of the operation. You'll be returned to the Infrastructure > Recent Events page.
Reload the Machines page
At the bottom of the Machines page, click the Refresh button to reload the DevOps user's VM inventory list.
NOTE: The newly-imported VM may take several minutes to appear on this page.
Confirm the import of VM1
When the page has reloaded, you'll see that VM1 has been added to the list of VMs owned by the Developer,
confirming the successful import of a pre-existing virtual machine into vRA.
Click the Logout button in the upper-right corner of the self-service portal. This will end the Developer's login session
to vRA.
When you've successfully logged the Developer user out of vRA, close the Private browser window.
Summary
In this Lab, as the cloud administrator, you've imported a virtual machine from outside the cloud environment into
vRA, and verified that the VM has been successfully assigned to the Developer user.
As the new VM owner, the Developer can now manage the virtual machine - including power state, snapshots,
deletion, and reconfiguration - consistent with the settings of the RHEL6 Blueprint which you applied to VM1 when you
imported it.
For a deeper look at creating and managing VM blueprints, approval policies, and entitlement settings, please
complete Lab B.1.
To learn more about data protection management, including creating backup service levels, please see Lab B.2.
To see how VMs can be enabled for enterprise management through integration with your CMDB platform,
please see Lab B.3.
For more information on managing VMs - including VM creation, backup and restore operations,
reconfiguration, power-state management, snapshots, and deletion - please complete Lab C.1.
To see how enterprise applications can be automatically deployed to a new VM as part of the provisioning
process, see Lab C.2.
Lab A.3 - Add a vCloud Air Site to vRealize Automation (15-20 minutes)
Exercise A.3.1 - Connect to the Cloud Experience Center and launch the demo
Built on converged infrastructure from VCE, an Enterprise Hybrid Cloud solution enables feature-rich capabilities such
as database-as-a-service (DBaaS), Disaster Recovery-as-a-Service (DRaaS) and continuous availability, and
Hadoop-as-a-Service. Additionally, while these are not part of a Foundation deployment or a modular add-on feature, you can also
leverage third-party tools for automated application deployments (e.g. Puppet), CMDB management (e.g. ServiceNow),
IP Address Management (e.g. Infoblox), to extend your cloud environment for even greater enterprise-level service and
support.
Due to the highly virtualized nature and limited size of the vLab environment, however, this lab session is unable to
support anything beyond local IaaS and limited-scope application deployment blueprints. To demonstrate some
additional uses and capabilities of an Enterprise Hybrid Cloud, we've created a number of interactive demos,
accessible through the Cloud Experience Center at http://interactivedemos.emc.com/ehc, which you can step through
as part of your lab experience today.
In this Lab, you will use the Cloud Experience Center to see how to connect your Enterprise Hybrid Cloud to a vCloud
Air site, and how to configure your environment with a new reservation and vCloud Air-based blueprint. Finally, you'll
deploy a new VM to your vCloud Air data center from the vRealize Automation self-service portal.
You'll begin by opening a new Chrome browser instance from the Windows Taskbar.
When the Chrome browser window loads, click the Cloud Experience Center link in the Bookmarks bar.
Step 2 - Continue to the next Exercise to launch the demo
Exercise A.3.2 - Create a vCloud Air Endpoint
With an Enterprise Hybrid Cloud, you can manage resources and workloads across multiple sites - both public and
private cloud infrastructure - from within the same vRealize Automation self-service portal.
In this Exercise, you'll add a vCloud Air-based remote site to the cloud environment.
Launch the interactive demo
When the vCloud Air Demos popup menu appears, click Create a vCloud Air Endpoint.
You'll begin on the All Services page of the service catalog. Click the Infrastructure tab at the top of the page.
Open the Infrastructure > Endpoints page
From the Infrastructure page, click the Endpoints bar in the left-hand navigation widget.
Continue to the Infrastructure > Endpoints > Endpoints page
This page shows the managed endpoint resources that have been configured in vRealize Automation. You can see that
the environment currently consists of only the local vCenter server (with its compute, network, and storage resources)
and the local vCenter Orchestrator server (for infrastructure and application deployment automation).
To add a vCloud Air site to vRA, click the New Endpoint button, then click Cloud, then vApp (vCloud) from the popout
menus.
When the New Endpoint - vApp (vCloud) page loads, you'll see that the Name has already been provided.
On this page, you'll need to enter the URL to your vCloud Air-based data center. In order to obtain this URL, you'll need
to open the vCloud Air portal.
Open the vCloud Air dashboard
The vCloud Air portal will appear, showing two tiles: My Subscriptions, and Identity and Access.
Open the Virtual Data Center Page
You'll see the vCloud Air dashboard page, showing available resources (1), the current number of active VMs (2), and
the number of virtual data centers (3).
Since you'll be adding the vCloud Air virtual data center as a vRA-managed endpoint, this is the information you're
looking for.
Expand the vCloud Director API URL
For the vRealize Automation instance in your local environment to connect and authenticate your vCloud Air data
center, you need the vCloud Director API URL from this page.
Copy the URL to the Windows Clipboard
The first line of the URL is the information that you'll need to provide to vRA.
Click anywhere on the page to copy this line to the Windows Clipboard.
With the URL now successfully copied, click anywhere on the page to close the vCloud Air portal and return to vRealize
Automation.
Click in the Address field to paste the data center URL from vCloud Air.
Step 4 - Configure connection credentials
The next step in the process is to provide the necessary credentials for vRA to connect to the vCloud Air data center. To
begin, click the ellipsis button next to the Credentials field.
Add new credential entry
Authentication credentials for all vRA endpoints are managed from a single page. By consolidating this information,
vRealize enables separation of duties between cloud administrators and security administrators for organizations
that require it. A security administrator can manage this page, and the cloud administrator can use these
credentials to establish endpoint connections without having to know the endpoint credentials.
To create a new entry, click the New Credentials button in the upper right corner of the window.
Name the credential entry
A name for the new entry has been provided for you.
Click the User Name field to have the user account and password fields automatically filled in.
Save the credential entry
Click the green checkmark button in the left column of the row to save the new credentials.
Return to the New Endpoint page
Now that you've added the necessary credentials to vRealize Automation, and with the new vCA entry already
highlighted, click OK to return to the New Endpoint page.
Step 5 - Discover the vCloud Air Organization
The next step is to provide the Organization name, which we'll also copy from the vCloud Air portal.
Copy the Organization name to the clipboard
You'll see the same Virtual Data Center Details page on the vCloud Air portal that we left in Step 3, showing the
organization name at the top of the dashboard.
Click anywhere on the page to copy the Organization name to the Windows clipboard.
With the Organization name now successfully copied, click anywhere on the page to close the vCloud Air portal and
return to vRealize Automation.
Provide the Organization name to vRA
Back on the New Endpoint configuration page, click in the Organization field to paste the Organization name from
vCloud Air.
Step 6 - Create and confirm the new Endpoint
With all the necessary information provided to vRealize Automation, click the OK button to create the new endpoint.
You'll return to the Endpoints page, where you'll see that the new endpoint has been added to the managed endpoint
inventory.
Next, you'll validate the connection and run a data collection operation from vRA to discover the pool of resources
available to vRA from vCloud Air.
Discover vCloud Air resources
Hover the mouse pointer over the vCAir-DEV endpoint entry, then click Data Collection from the popout menu.
You'll see that data collection has already started. In this operation, vRealize Automation connects to vCloud Air to
enumerate the available resources in the new endpoint.
Complete the operation
You'll also see a text box advising you to click anywhere on the page to create a new reservation using resources from
vCloud Air. Click anywhere on the page to return to the Endpoints page, and then proceed to Exercise A.3.3.
Exercise A.3.3 - Create a vCloud Air Reservation
In the previous Exercise, you added a new endpoint to vRealize Automation as a managed endpoint, then connected
to the endpoint from vRA and discovered its pool of available resources.
Now, in this Exercise, you'll create a new Reservation using some of the available vCloud Air resources, and make that
Reservation available to your IT users.
Click the Back to Infrastructure link in the navigation column on the left side of the page.
Open the Groups page
Continue to Fabric Groups
Fabric Groups organize compute resources and cloud endpoints into logical clusters. These logical clusters can then
be presented to different tenants by business group, by LOB, by cost center, etc.
Hover the mouse pointer over the IT_Fabric_Group entry, then click Edit from the popout menu.
Enable the vCloud Air endpoint for IT
Step 2 - Create a new Reservation
You'll return to the Fabric Groups page, showing the IT_Fabric_Group to which you just enabled access to the vCloud
Air resource pool.
Continue to Reservations
Open the Reservations page
This page shows the existing Reservations. To add the vCloud Air resources to this list, you'll need to create a new
Reservation.
To begin, click the New Reservation button in the upper right corner of the page, then hover over Cloud, then select
vApp (vCloud).
Step 3 - Configure the Reservation Information
To begin, click the drop-down button in the Compute resource window and select M814923143-6342 (vCAir-DEV) from
the list.
Select a business group
Click the Business group drop-down button and select DevOps from the menu.
Assign a priority
Step 4 - Assign resources
This page lists the available memory and storage resources that were detected by vRealize Automation when the data
collection operation was run at the end of the previous Exercise.
Allocate memory
1. Next, click the This Reservation window in the Memory section and enter 10.
2. Then click the Network tab.
1. On the Network page, click the M814923143-6342-default-routed network path. This will enable external
network connectivity for vCloud Air-based VMs created from the vRA self-service portal.
2. Click OK to save the configuration and create the new Reservation.
You'll return to the Reservations page, where the vCAir_DEV reservation now appears at the bottom of the list.
Click the Catalog tab at the top of the page to open the Service Catalog, and proceed to the next Exercise in the Lab.
Exercise A.3.4 - Create a vCloud Air vApp Blueprint
In previous Exercises of this Lab, you added a new vCloud Air Virtual Data Center as a managed endpoint in vRealize
Automation, and then created a new Reservation to host tenant workloads for IT users in your organization.
In this Exercise, you'll create a new vRA IaaS blueprint, using vCloud Air as the target.
From the previous Exercise, you'll begin on the Catalog page, looking at the available items from the Virtual Servers
service catalog. Note that there are currently four catalog items on this page at the beginning of this Exercise.
Navigate the Infrastructure widget
From the Infrastructure page, click the Blueprints button in the navigation widget on the left.
Continue to the Blueprints page
Step 3 - Create a new vApp Blueprint
This page shows the inventory of Infrastructure-as-a-Service (IaaS) blueprints that have been created in vRealize
Automation. Blueprints from this page that have been published will appear as Catalog Items on the self-service
portal.
When a user requests a VM from the catalog, the Catalog Item's blueprint defines the parameters (CPU, memory, disk,
location) that will be used to create the new VM.
To add a blueprint for vCloud Air, we'll need to create a vApp container, with a single VM blueprint in the vApp.
Click the New Blueprint button. When the drop-down menu appears, click Cloud, then vApp (vCloud).
Provide blueprint information
The new blueprint's Name has already been provided for you. When this new blueprint has been published and
appears on the self-service portal as a Catalog Item, its name will be based on the name of the blueprint.
Provide description and archive values
Step 4 - Configure blueprint settings - select an image
The settings that you configure on this page will control how all VMs based on the new blueprint will be deployed.
The first step will be to assign an image from the available vCloud Air inventory. Click the ellipsis button next to the
Clone from window.
Select a VM image for the blueprint
Step 5 - Configure blueprint settings - Select a deployment blueprint
You've assigned an image for the vApp. The next step is to specify a deployment blueprint that defines hardware and
storage parameters for deploying VMs based on this image.
Save all settings and create the blueprint
Now that you've defined a blueprint name, description, archive value, image, and build profile, click OK to create the
blueprint and add it to the vRA inventory.
Step 6 - Enable the new blueprint in the Catalog
You'll see the new blueprint appear on the inventory list, with its Published status currently set to No.
Publishing the blueprint will add it to the self-service portal as a Catalog Item.
Hover the mouse pointer over the CentOS - vCloud Air (DEV) blueprint...
Publish the blueprint
Confirm publication
Step 7 - Edit the new Catalog item
You'll return to the Blueprints page, where the Published status of the new vApp blueprint has changed to Yes.
The next step will be to configure the Catalog Item in vRealize Automation.
Open the Catalog Management page
From the Administration page, click the Catalog Management button in the navigation widget.
Open the Catalog Items page
Open the new Catalog Item's Details page
On the Catalog Items page, you'll see a list of some of the published and retired catalog items in the vRA inventory.
Click the CentOS - vCloud Air catalog item hyperlink to edit its settings.
Step 8 - Configure the Catalog Item's settings
Now that you've defined a vCloud Air blueprint and published it, you'll need to configure how and where you want it in
the Catalog. On this page, you can define in which Catalog service, and to which cloud users, you want your new item to
appear. You can also assign an icon to the Item on this page.
On the Configure Catalog Item page, you'll see the item's Name and Description, which are based on the blueprint
values that were configured earlier in the Exercise.
To assign an icon to the new item, click the Browse button next to the Icon field.
Assign an icon to the new Catalog Item
You'll see a list of available image files to use as icons for the new item.
1. Since the vCloud Air template you assigned is based on a CentOS VM image, click to highlight the centos-vm
file on the list.
2. Click Open to return to the Configure Catalog Item page.
1. Scroll down to the bottom of the page
2. Click the drop-down button in the Service field.
Assign a Catalog service
The Service drop-down menu controls two attributes of the Catalog Item: the category in which the item will appear,
and (based on the Service's pre-configured Entitlements) which users / groups will be able to see and use the Item
from their own self-service portals.
Click the Catalog tab at the top of the page to return to the Service Catalog.
Review Virtual Servers catalog page
You'll recall that in the first step of this Exercise, you began on the Service Catalog page with four catalog items.
Now that you've completed the Exercise, you'll see five items, one of which is the new CentOS - vCloud Air (DEV)
catalog item based on the new blueprint and catalog item that you just created.
Click anywhere on the page to activate the next demo, and proceed to the next Exercise in the Lab.
Exercise A.3.5 - Provision a vCloud Air Virtual Machine
In Exercise A.3.2 of this Lab, you added the vCloud Air data center to vRealize Automation as a managed endpoint,
then (in Exercise A.3.3) created a Reservation using available vCloud Air storage and memory resources for vRA users
to access. Next, in Exercise A.3.4, you built a new vCloud Air vApp blueprint for deploying VMs to vCloud Air from vRA.
In this final Exercise, you'll deploy a new VM in the vCloud Air data center, using that new blueprint.
From the previous Exercise, you should be on the Virtual Servers service catalog page, on which you'll see the CentOS -
vCloud Air (DEV) catalog item that you just created in vRA.
Configure and submit new VM request
As you can see, the vApp and VM blueprint are based on the settings you configured in Exercise A.3.4.
Click OK on the Request confirmation page to acknowledge the submission and open the Requests page.
Step 2 - Monitor deployment status
On the Requests page, you'll see the new VM deployment operation at the top of the list, with its deployment status
showing In Progress.
Click the Refresh button at the bottom of the page to reload the page and update the status.
Confirm successful VM deployment
When the page reloads, you'll see that the deployment has successfully completed.
Click the Items tab at the top of the page to see the new vCloud Air-based VM.
On the Items page, you can see the new VM has been deployed successfully and is powering on for the first time.
Click the + symbol next to the new item to expand the vApp instance and see the details of the new vCloud Air-based
VM.
Due to the way in which vRA and vCloud Air manage shared resources, and based on blueprint settings that you
configured in the previous Exercise, DEV129 is the vApp container that vRA uses to manage the VM. CSP121 is the
actual VM running in the vCloud Air virtual data center.
View the VM details
You can see that the CSP121 VM is based on an off-prem Linux blueprint, and hosted on the M814923154-6342
compute resource, which you'll recall from Exercise A.3.2 is the name of the vCloud Air virtual data center.
Click anywhere on the page to open the vCloud Air management console and see the new VM.
Step 4 - Confirm new VM in vCloud Air
You'll see the new VM, its name, hardware settings, and vApp details match what was configured in the blueprint and
deployed in vRealize Automation.
Click anywhere on the page to close the vCloud Air management console.
Return to the Catalog
You'll be returned to the Virtual Servers Catalog page, complete with the new Catalog Item that you created and
validated in this Lab.
When finished, unless you plan to continue directly to Lab B.3 or Lab C.4, close the Chrome web browser to improve
performance in the Firefox-based labs.
Conclusion
The Enterprise Hybrid Cloud offers the ability to add remote-site endpoints, such as vCloud Air, quickly and easily. This
gives you the agility to grow your cloud capacity in response to business growth and changing business demands.
With the flexibility of a vCloud Air virtual data center as part of your cloud infrastructure services portfolio, you can also
deliver increased value to your customers by ensuring that business workloads are optimally placed for availability,
capacity, and performance.
Related Labs
Based on the concepts introduced and reviewed during this Lab, you may be interested in one or more of the following
additional labs in this Guide:
For a more in-depth exploration of the process of creating a new IaaS blueprint, please see Lab B.1.
In addition to deploying a new VM, Lab C.1 provides a look at the entire lifecycle of a VM, from creation to
disposal.
Additional interactive demos are available in Lab B.3 and Lab C.4.
Lab B.1 - Create a New IaaS Blueprint and Approval Policy (20-30 minutes)
Exercise B.1.1 - Create a New IaaS Blueprint
This Lab will walk you through the process of creating, configuring, and publishing a new Infrastructure-as-a-Service
(IaaS) blueprint to the catalog. You'll also see how catalog items are enabled for access by specific cloud customers.
You will then create an approval policy and attach it to the catalog item to require Cloud Administrator approval for
users wishing to use the blueprint for new VMs. Finally, you'll test the blueprint and approval policy by requesting a
new VM as the Developer user.
In this exercise, as a Cloud Administrator, you will use the vRealize self-service portal to create a new single-VM IaaS
blueprint. You will publish this IaaS blueprint as a new catalog item in the vRealize self-service catalog page in
Exercise B.1.2.
From previous Labs, you may already be logged in to vRealize Automation as the Cloud Administrator. If so, proceed to
the next Step in the Exercise. If not, then from the vRA login portal:
From the Cloud Administrator's Catalog page in vRealize Automation, click the Infrastructure tab.
Navigate to Infrastructure > Blueprints
The first page that will load will be the Infrastructure Recent Events log. In the left-hand menu column, click
Blueprints...
Navigate to Infrastructure > Blueprints > Blueprints
When the Blueprints page loads, click the New Blueprint button on the top-right of the page.
Choose the blueprint type
When the New Blueprint - vSphere (vCenter) page loads, enter Small VM - Protected
Provide a description
In the Description field, enter Small Linux server VM with data protection enabled
On the Reservation policy field, click the drop-down button and select Production.
Configure VM limit and Archive settings
1. In the Maximum per user field, enter 2. This sets a limit of 2 VMs per user from this blueprint.
2. In the Archive (days) field, enter 7
Now that you've configured the blueprint settings, click the Build Information tab.
Set a blueprint type
In the Blueprint type field, click the drop-down button and choose Server.
NOTE: This setting is used for license-tracking and compliance purposes only. It does not affect the VM provisioning
process in any way.
In the Action field, click the drop-down button and choose Clone.
Step 5 - Choose the template for the blueprint
If the template will be based on a clone, or a linked clone, you must specify the existing VM image template that will
be used as the source of the clone operation.
When the Select Template form opens, verify DSLwNET is highlighted, and click OK.
Step 6 - Configure resource settings
The Machine Resources section of this page allows you to set resource policies. You must provide a minimum setting
for CPU, memory, and storage for the VM. If you leave the maximum setting blank for any particular resource, vRA will
not allow users to add more of that resource.
You will configure the minimum storage setting in the next step. Leave the Lease (days) field blank.
Provide maximum settings
To set upper resource limits for all VMs based on this blueprint:
In this step, you will configure the primary storage volume and choose a storage tier.
Click the New Volume link in the upper-right corner of the Storage volumes box.
2. Click the Storage Reservation Policy drop-down button and select VNX FASTVP. All VMs deployed using this
template will have their initial volume created on the VNX FASTVP storage tier by default as a result of this
setting.
3. Click the green check button at the left end of the new volume row to save the volume setting.
4. Check the Allow user to see and change storage reservation policies button. This will give cloud customers
the ability to choose which storage tier they wish to use when they provision the VM initially or when they add
new storage.
When the Properties page loads, check the box labeled BackupAndRestoreFunctions. Enabling this setting will require
users to select a backup service policy when they provision VMs from this template.
Step 9 - Configure user-enabled Actions for the blueprint
On this page, you can select which features and actions users will be able to run against their own VMs.
NOTE: User-enabled settings that you configure in this Exercise will apply to VMs provisioned from this template, not
to the template itself. Users will have no rights to perform any of these actions against the template directly, or against
VMs created by other users from this template.
Most Machine operations in the template are enabled by default. Deselect the following boxes, leaving all remaining
operations enabled:
Snapshot and VM editing
Submit the blueprint
Confirm
When the blueprint has been successfully created, you'll be returned to the Blueprints inventory page. Scroll down
through the (alphabetically sorted) list until you find the Small VM - Protected blueprint that you just created.
Step 10 - Publish the new blueprint
Hover the pointer over the Small VM - Protected blueprint. When the popout menu appears, click Publish.
Confirm publication
When the Confirm Publish Blueprint page loads, click OK to publish the new Small VM - Protected blueprint.
You'll return to the Infrastructure > Blueprints > Blueprints page in vRA. Click the Administration tab at the top of the
self-service portal.
Continue to Catalog Management
When the Administration > Identity Stores page loads, click the Catalog Management menu bar in the left-hand column
of the page.
Open the Catalog Items page
When the Administration > Catalog Management page loads, click the Catalog Items menu bar in the left-hand column
of the page.
Step 12 - Locate the new catalog item
When the Catalog Items page loads, you'll see the first of two pages of catalog items. Click the Last Page button at the
bottom of the window to advance to the next page.
Confirm the new catalog item
When Page 2 loads, you'll see the new Small VM - Protected catalog item corresponding to the blueprint that you
created and published in this Exercise.
Exercise B.1.2 - Enable the New Item for the Self-Service Catalog
In the previous Exercise, you created, configured, and published a blueprint to create a small-footprint Linux virtual
machine with data protection enabled. When you published the new blueprint, it created a new catalog item.
Before a catalog item can be accessed by cloud users, it must first be associated with one of the available catalog
services, and have one or more entitlements assigned. The service association determines where in the catalog the
item will appear, and the entitlement settings control which group(s) of users will be able to use the catalog item.
In this Exercise, you will assign an icon to the new catalog item, associate the item with a service, entitle it for user
access, and confirm its appearance in the self-service catalog.
Step 1 - Configure the new catalog item
NOTE: This Exercise assumes you have just completed Exercise B.1.1.
From the previous exercise, you should still be looking at Page 2 of the Catalog Items inventory with your new catalog
item about midway down the list.
1. Note that the row's Service field is blank, indicating this item hasn't yet been associated with a catalog
service.
2. Click the item name - Small VM - Protected to open its configuration page.
Open the icon image library
A new icon has already been created for this catalog item and placed in a subdirectory of the local Downloads folder.
To change the icon from the default image, click the Browse... button in the middle of the Configure Catalog Item page.
Open the Downloads folder
You'll return to the Configure Catalog Item page, and the icon preview will change from the default image to a
customized icon for this template.
You'll return to the Configure Catalog Item page, with the icon that you just assigned now visible in three sizes.
Scroll down to the bottom of the page, if necessary, and continue to the next Step.
Step 2 - Associate the catalog item with a service
The Status is already set to Active by default. This setting allows you to turn the item on or off in the catalog without
having to otherwise modify or delete it.
Click the drop-down button next to the Service field, and select the Virtual Servers menu item.
Click the Entitlements tab at the top of the Configure Catalog Item page.
On the Entitlements page, you'll see the groups which are now entitled to see and request the new VM item from the
catalog. These entitlements are inherited from the service to which you've associated the item, in this case, the Virtual
Servers service.
Click the Update button to finish configuring the item and to activate it in the service catalog.
Confirm the updated item settings and availability
You'll be returned to the filtered Catalog Items page, where the Small VM - Protected catalog item now shows itself
assigned to the Virtual Servers service.
View the Virtual Servers catalog page
When the Service Catalog page loads, click the Virtual Servers service button in the navigation widget.
You'll see three new catalog item tiles, each showing the icon file you assigned, and each labeled Small VM -
Protected, corresponding to the three entitled business groups you noted in Step 2 above.
Step 4 - Return to the catalog administration page
You'll be automatically returned back to the Administration > Catalog Management > Catalog Items page. Proceed to
the next Exercise in the lab.
Exercise B.1.3 - Create a New Approval Policy
In vRealize, approval policies can be applied to catalog-item requests, such as new VMs, services, and workflows, and
resource-action requests, such as changing the configuration or state of existing VMs, services, and workflows.
Approval policy enforcement can be configured to ALWAYS require approval, regardless of conditions or settings. Policies
can also be triggered by THRESHOLDS, such as resource requests of a certain type, or above a certain cost/size threshold.
When it comes to assigning approvers, an approval policy can be set to require ANY member of the approving group
(e.g. cloud administrators, backup administrators, fabric administrators, etc.), or (to maximize visibility) to require ALL
members of the group to approve.
In this Exercise, logged in as the Cloud Administrator, you'll create a new approval policy that will require that
developer requests for VMs with data protection enabled be approved by the cloud administrator. You'll then assign
the Cloud Administrator as the approver for requests associated with this policy, and define the policy's approval
parameters.
Continue to the Approval Policies page
Click the Approval Policies menu bar in the left-hand column of the page.
From the Approval Policies page, click the Add button in the upper left corner.
Select the policy type
1. Click the radio button labeled Service Catalog - Catalog Item Request - Virtual Machine
2. Click OK
Step 3 - Configure policy settings
In this step, you'll assign a name, create a description, and set the approval level and conditions that will apply to the
policy.
From the Add Approval Policy page, enter the following information:
Assign the cloud administrators as approvers
In the Who are the approvers? section on the right side of the Add Level page:
Configure approval form settings
The settings you configure on this page determine what information is passed to the designated approver when the
request is submitted.
CPUs
Machines
Memory (MB)
This page configures the approval form that the designated approver will see when determining whether or not to
approve the request. Since the blueprint you created does not include a lease limit, we'll omit that from the approval
form page.
When finished, click the Add button to return to the approval policy page.
1. Click the Status drop-down button, and select Active
2. Click Add
Exercise B.1.4 - Assign the Approval Policy to the New VM Blueprint
In this Exercise, you'll assign the approval policy you created in Exercise B.1.3 to the catalog item that you created in
Exercise B.1.2.
Once you've applied the new approval policy to the catalog item, developer requests for new VMs from this catalog
item must be approved by the cloud administrator before any new VMs can be created.
NOTE: This exercise assumes you have just completed Exercise B.1.3.
From the Administration > Approval Policies page, click the Catalog Management menu bar in the left column of the
page.
Continue to Entitlements
Click the Entitlements menu bar in the left column of the page.
Process Overview
When you assigned the Small VM - Protected catalog item to the Virtual Servers service, it inherited four separate
entitlements automatically: Provisioning - DevOps; DevOps; Internal_vLab_Dev; and IT-Admins.
Approval policies work on a per-entitlement basis: to enforce the approval policy across multiple entitlements, each
entitlement must be edited separately to assign the policy. In this Exercise, you will edit only the DevOps entitlement.
When the Entitlements page loads, locate the DevOps entitlement and click the DevOps hyperlink.
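The per-entitlement rule described above means that, after this Exercise, requests made through the three entitlements you did not edit are not covered by the new policy. The following added example (a stand-alone model, not vRealize Automation code or its API) audits that coverage and also models the ALWAYS/THRESHOLDS and ANY/ALL behaviour from Exercise B.1.3; the `cloud-admin` account name, the `memory_mb` key, and the class and function names are assumptions made for illustration.

```python
"""Model of approval-policy coverage per entitlement (illustrative, not vRA code)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class ApprovalPolicy:
    name: str
    approvers: Set[str]          # members of the approving group
    mode: str = "ANY"            # "ANY": one approver suffices; "ALL": every approver must approve
    active: bool = True          # mirrors the policy's Status setting
    # Empty dict models ALWAYS; otherwise approval is needed only when a
    # requested value exceeds the limit stored under the same key.
    thresholds: Dict[str, int] = field(default_factory=dict)


@dataclass
class Entitlement:
    name: str
    # catalog item name -> policy assigned to that item in this entitlement
    # (None models an entitled item with no approval policy attached)
    items: Dict[str, Optional[ApprovalPolicy]] = field(default_factory=dict)


def requires_approval(policy: Optional[ApprovalPolicy], request: Dict[str, int]) -> bool:
    """Return True when a request made under this policy must wait for approval."""
    if policy is None or not policy.active:
        return False
    if not policy.thresholds:
        return True  # ALWAYS
    return any(request.get(key, 0) > limit for key, limit in policy.thresholds.items())


def is_approved(policy: ApprovalPolicy, approvals: Set[str]) -> bool:
    """Apply the ANY / ALL approver rule to the set of users who have approved."""
    if policy.mode == "ALL":
        return policy.approvers <= approvals
    return bool(policy.approvers & approvals)


def unguarded_entitlements(entitlements: List[Entitlement], item: str) -> List[str]:
    """List entitlements that expose `item` without an active approval policy."""
    gaps = []
    for ent in entitlements:
        if item not in ent.items:
            continue
        policy = ent.items[item]
        if policy is None or not policy.active:
            gaps.append(ent.name)
    return gaps


# Constructed sample data: the four entitlements named in this Lab, with the
# policy assigned only to DevOps, as this Exercise does.
ITEM = "Small VM - Protected"
POLICY = ApprovalPolicy("DevOps VMs w/Data Protection", approvers={"cloud-admin"})
ENTITLEMENTS = [
    Entitlement("Provisioning - DevOps", {ITEM: None}),
    Entitlement("DevOps", {ITEM: POLICY}),
    Entitlement("Internal_vLab_Dev", {ITEM: None}),
    Entitlement("IT-Admins", {ITEM: None}),
]

if __name__ == "__main__":
    for name in unguarded_entitlements(ENTITLEMENTS, ITEM):
        print(f"{ITEM!r} can be requested via {name!r} with no approval policy")
```

Running the audit against an export of your own entitlements shows which ones still need the policy assigned before the catalog item is treated as approval-gated.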
Edit the DevOps Entitlement
On the Edit Entitlement page, click the Items & Approvals tab.
Add the new catalog item and set the approval policy
Click the green plus sign next to Entitled Catalog Items in the top center of the page.
1. Click the drop-down button next to Service
2. Select Virtual Servers.
You'll recall that this was the service you associated the catalog item with in Exercise B.1.2.
Filter the list to include only VMs
This was the type of approval policy you created in Exercise B.1.3.
Filter the list to locate the new catalog item
1. On the now-filtered list, check the box next to the Small VM - Protected catalog item.
2. Click the drop-down button next to Apply this Policy to selected items, and select DevOps VMs w/Data
Protection from the menu.
3. Click OK
1. Note that the Small VM - Protected catalog item has been added to the list, and the new DevOps VMs w/Data
Protection approval policy has been associated with it.
2. Click Update to submit the change.
Summary
In this Lab thus far, as the Cloud Administrator, you have successfully created a new VM provisioning blueprint with
backups enabled, set the resource parameters on that blueprint, and published it to the Service Catalog.
You have also created a new Approval Policy, defined the approval parameters and the approval level, and (in this
Exercise) associated the new Approval Policy to the new blueprint for all developer requests based on the new
blueprint.
Continue on to the next and final Exercise of this Lab, where you'll validate both the new blueprint and the new
Approval Policy.
Exercise B.1.5 - Validate the New Blueprint and Approval Policy
In this final Exercise of the Lab, you'll log in to vRealize Automation as a Developer, and request a new instance of the
Small VM - Protected
In this step, you will verify enforcement of the new approval policy by logging in to vRA as a developer, then requesting
a VM based on the new catalog item you created in Exercises B.1.1-B.1.2.
In order to test the catalog item using a different user ID, you'll complete this step using a private Firefox session.
Using a new private window lets you avoid having to log the cloud administrator out of your primary browser session.
Open a new private window in Firefox
1. Click the menu button in the upper-right corner of the Firefox browser window to open the action menu.
2. Click the New Private Window tile.
2. Click the vRA button in the browser's bookmarks bar.
Once you've logged in as the developer, click the Catalog tab at the top of the page.
Filter the service catalog view
Once the DevOps user's Service Catalog page loads, click the Virtual Servers link in the navigation widget.
Locate the Small VM - Protected tile, which you'll recognize from both the name and the custom icon you configured in
Exercise B.1.2, and click its Request button.
Configure the new VM's parameters
On the Storage configuration page, click the New Volume link to the right of the Storage volumes box.
Set volume parameters
Click the Submit button to the bottom right of the New Request page to submit the VM request.
Confirm the submission
When you return to the developer's catalog page, click the Requests tab.
1. Click to highlight the new request at the top of the page, and note that the status of this request shows
Pending Approval, showing the enforcement of the new approval policy.
2. With the new request highlighted, click the View Details button to see a more detailed status.
NOTE: The request number of the new VM in your environment may differ from the one shown in this Guide.
Note Request details
When the Request Details page loads, note the current status in the lower-left corner of the page, showing the request
is Pending Approval, with the EHC Cloud Administrator listed as the Approver.
When finished, close the VM request by clicking the OK button in the lower-right corner of the page.
Return to the Cloud Administrator's vRA session
Minimize (do not close) the private Firefox window to return to the cloud administrator's vRA session.
From the cloud administrator's vRA session, click the Inbox tab at the top of the page.
When the Inbox page loads, locate the Small VM Protected request item and click the approval item number in the left
column.
Step 6 - Review request details
To review the storage details of the request, click the View Request link on the form.
Open the Storage page of the request
When the Request Details page loads, click the Storage tab at the top of the form.
Review Storage settings
The Storage page will load, showing the storage volumes and tiers you configured when you created the VM request as
the Developer.
Provide justification and approve the request
On the taskbar at the bottom of the desktop, click the private-session Firefox button to return to the developer's vRA
console.
NOTE: If you're not already on the developer's Requests page, click the Requests tab at the top of the self-service
portal to return to the page.
If the request status has not automatically updated to In Progress after it was approved, click the Refresh button at the
bottom of the page to reload the requests and update the status. Once the VM request has been approved by the
Cloud Administrator, the provisioning process should take 3-5 minutes to complete, at which time the Status of the
request will change to Successful.
To close out the developer's vRA session, click Logout in the upper-right corner of the private session,
and then close the private-session browser window.
Summary
Per the configuration of the approval policy you created in Exercise B.1.4, approved requests begin processing
immediately upon administrator approval.
You've successfully created a new VM provisioning blueprint and published it to the catalog for developer access.
You've also successfully created a new approval policy and applied it to the VM-creation workflow. Finally, you
validated both the workflow and the approval policy by requesting a VM as a developer, then approving the request as
an administrator, and then confirming the post-approval creation of the new VM.
An in-depth look at the process of creating a new backup service level is provided in Lab B.2.
For an overview of how VM blueprints and data protection are presented to and consumed by cloud users,
please complete Lab C.1.
Lab B.2 - Integrated Data-Protection Management (5-10 minutes)
Exercise B.2.1 - Creating a New Backup Service Level
NOTE: Data Protection services are available as an optional modular add-on service to the Enterprise Hybrid Cloud
Foundation solution.
As the Cloud Administrator, you can create multiple backup service levels for your cloud environment, based on your
organization's requirements for backup scheduling, data retention, and archiving. These service levels are presented
to your customers during the VM request process, and are supported behind the scenes by EMC Avamar and
(optionally) Data Domain. Backups are automatic according to the configured schedule, or can be initiated manually if
necessary.
In this Lab, as the Cloud Administrator, you will create and verify a new backup service level.
NOTE: This Exercise assumes you're still logged on to vRealize Automation as the Cloud Administrator. If not,
instructions for connecting to vRA as the Cloud Administrator are provided in Lab B.1, Exercise B.1.1.
Open the Data Protection Services page
From the cloud administrator's Service Catalog page, click the Data Protection Services service menu bar in the
navigation widget.
Open the service request wizard
When the Data Protection Services page loads, locate the tile labeled Create Backup Service L... (The full catalog item
name - Create Backup Service Level - is truncated in this view), and click its Request button.
Step 2 - Provide a service level description and name
1. In the Description field of the Request Information tab, enter Avamar backup service policy - 2x/day, 3yr
retention, 5yr archive
2. Click Next
Provide a name and select a backup target
1. In the Specify the Service Level Name field of the Backup Service Level form, enter
Daily_2x_Retention_3yr_Archive_5yr
2. Using the drop-down button of the Choose backup target menu, select Avamar
3. Click Next
Step 3 - Configure the backup schedule
In the Schedule form, click the Backup Frequency drop-down menu button, and select Daily.
Configure a twice-daily backup window
Once you select Daily from the drop-down menu, the form will change. The default backup times, listed in the Time for
daily schedule window, will read 07:00,12:00,18:00,23:00
1. In the Time for daily schedule window, enter 05:00,17:00 (no space after the comma). This will set the backup
schedule to run at 5am and 5pm every day.
2. Click Next
Step 4 - Set the retention scope
From the Retention form, click the Retention scope drop-down button and select for.
Specify the retention periods
Step 5 - Confirm and monitor the request
After submitting the request, you'll see a confirmation page. Click OK to return to the main page of the Catalog tab.
Track the request status
NOTE: The new backup service level will take 3-4 minutes to complete.
You'll see the Create Backup Service Level request at the top of the page. If the status of the request still shows In
progress, click the Refresh button at the bottom of the page to reload the page until the status has changed to
Successful.
In Exercise B.2.2, you'll verify the completion of the new backup policy using the Service Catalog.
Exercise B.2.2 - Verifying the New Backup Service Level
The Enterprise Hybrid Cloud includes a catalog item for designated backup administrators to query the available
backup service levels through a simple drop-down menu. You'll use this catalog item to verify the backup service level
you just created.
NOTE: Data Protection - Backup services are available as an optional modular add-on service to the Enterprise Hybrid
Cloud Foundation solution.
Filter the Services list
When the Catalog page loads, click the Data Protection Services menu bar in the navigation column to the left.
Step 2 - Launch the Display Backup Service Levels request
From the Data Protection Services page, locate the Display Backup Service L... (the catalog item's full title, Display
Backup Service Levels, has been truncated) tile and click the Request button.
Step 3 - Provide details
Step 4 - List the backup service levels
Listing the available backup service levels on this page is what this particular catalog item has been configured to do.
When you click Submit, you'll complete the workflow.
Step 5 - Recap
This catalog item workflow does its work during the request process by displaying the available backup service levels
in the drop down menu.
Summary
In this Lab, as the Cloud Administrator, you created a new Avamar backup service level, in which you defined the
backup frequency and schedule (twice daily at 5am and 5pm), retention policy (3 years for all backups), and archival
policy (5 years).
A user requesting VMs through the service catalog must choose a backup service level from the available list at the
time the VM is provisioned. Backups are then automatically scheduled and retained according to the defined settings of
the policy that the user chooses. If the cloud admin chooses to enable user-managed data protection, then the user
can also initiate on-demand backups and manage their own restore operations as appropriate.
An in-depth look at how end users can choose backup policies and manage their own backup and restore
operations can be found in Lab C.1.
Enabling data protection at the VM blueprint level is explained and demonstrated in Lab B.1.
The ability to assign backup services and scheduling automatically means less administrative overhead for the cloud
admin, and self-service data-protection management means faster service for the end user.
Lab B.3 - Integrated CMDB Management with ServiceNow (10-15 minutes)
Exercise B.3.1 - Connect to the Cloud Experience Center and launch the demo
In a traditional IT operational model, a Configuration Management Database (CMDB) tool is used to track the inventory
and configuration of VMs and physical servers that host business-critical workloads, or that deliver business-critical
services. Information about each server is typically entered into the CMDB when the server is built, and is carefully
maintained throughout the server's lifecycle. Although this can be a labor-intensive process, it can improve overall IT
efficiency by flagging potential change risks, identifying inter-dependent services during incidents and outages, and
reporting on licensing compliance.
While the self-service capabilities and business agility offered by an Enterprise Hybrid Cloud mean rapid delivery of
new VMs and application stacks to cloud customers, they can present new challenges to IT administrators and staff
focused on IT configuration and service management. CMDB management often assumes that items in its inventory
are fairly static in lifecycle, so CMDB records are often updated by manual processes. In dynamic environments (e.g.
an Enterprise Hybrid Cloud platform) where workloads are rapidly spun up and then retired, a CMDB can quickly go
stale, jeopardizing IT service levels and diminishing its value.
Organizations that leverage ServiceNow can now integrate their ServiceNow CMDB with an Enterprise Hybrid Cloud, so
that VMs for certain workloads, or for specified departments, can be added to the CMDB database with the
appropriate inventory information as an integral part of every VM lifecycle event. With the integration workflows that
connect vRealize Orchestrator to ServiceNow, VM configuration change operations - e.g. VM deployment, upgrade,
reconfiguration, and destruction - can be automatically provided to ServiceNow for real-time inventory and
configuration tracking.
In this Lab, you'll see how the Enterprise Hybrid Cloud's self-service and automated VM-deployment capabilities can
be configured to work seamlessly with a ServiceNow CMDB environment.
To demonstrate these third-party integration features of an Enterprise Hybrid Cloud, you'll use the Cloud Experience
Center at http://interactivedemos.emc.com/ehc to experience the process.
NOTE: You may already have the Cloud Experience Center loaded from a previous Lab. If so, skip this Exercise and
proceed directly to Exercise B.3.2 to continue.
You'll begin by opening a new Chrome browser instance from the Windows Taskbar.
Open the Cloud Experience Center
When the Chrome browser window loads, click the Cloud Experience Center link in the Bookmarks bar.
Exercise B.3.2 - Create a ServiceNow Build Profile
In this Exercise, you'll use the Cloud Experience Center to see how the Enterprise Hybrid Cloud's self-service and
automated VM-deployment capabilities can be set up to work seamlessly with your ServiceNow CMDB platform.
In order to enable ServiceNow integration, you'll first need to create a new ServiceNow Build Profile containing the
ServiceNow-update workflows.
Step 1 - Select the ServiceNow demo from the Cloud Experience Center
You'll begin this Exercise on the demo menu of the Cloud Experience Center.
Select the CMDB Integration with ServiceNow demo from the menu.
From the Catalog page of the self-service portal, click the Infrastructure tab.
Open the Blueprints page
In the navigation widget on the left side of the page, click the Blueprints item.
Continue to Build Profiles
When the Build Profiles page loads, click the New Build Profile link in the upper-right corner of the page.
Properties, when attached to blueprints, enable you to specify additional attributes or tasks that are associated with
any VMs provisioned from the blueprint. In this case, any VM that you want to deploy with integrated ServiceNow
CMDB capabilities will need to call specific workflows in vRealize Orchestrator that will update ServiceNow whenever a
configuration change on the VM is triggered.
To simplify the process of associating these properties with ServiceNow VMs, you can create a Build Profile that
contains both properties, then add that profile to any blueprints that you want to register with ServiceNow.
The new Build Profile will need a descriptive name. This has been provided for you already.
This first property (1), whose name has already been provided in the Name field, calls a specific vRealize Orchestrator
(vRO) job ID that adds a new record to ServiceNow whenever a VM is deployed with this Build Profile attached. In the
Value field, we'll need to copy and paste the correct job ID number from vRO.
Click the Value field to activate a popup text box with a vRealize Orchestrator link.
Connect to vRealize Orchestrator
Once the popup box appears, click the Connect button to open the vRealize Orchestrator in a popout window.
Get job ID from vRealize Orchestrator
NOTE: This portion of the Exercise is an auto-drive demo, meaning that clicking anywhere on the page will
automatically advance to the next step, regardless of where the mouse pointer is on the page.
The ServiceNow integration workflows have already been installed in vRealize Orchestrator. These are the vRO jobs
that you'll associate with the Properties in the new Build Profile that you're creating in vRealize Automation.
The master_cmdb_insert job is what updates the CMDB when a new VM is created. That's the job ID you need for this
step.
Copy the job ID
The job ID number on this next page is the value you'll need to provide for the first Property you've created in the new
Build Profile.
Click anywhere on the page to copy the job ID and return to vRealize Automation.
Enter job ID number
1. Back in vRA, click in the Value field to paste the job ID number that you copied from vRO.
2. Click the green check mark button to save the new Property.
Now, you'll add a second Property to the Build Profile. This second Property will call a different vRO job ID, which will
update ServiceNow's records when an existing VM is modified or destroyed.
Provide the Property name
Once again, the Name of the new Property has already been provided for you.
Click in the Value window to open the vRealize Orchestrator Client window again.
Find the job in vRO
The master_cmdb_update job updates the ServiceNow CMDB when a new VM is modified or destroyed. That's the job
whose ID you'll need for the second Property in the Build Profile.
Click anywhere on the page to highlight the job object and display its Settings page.
Copy the second job ID number
Just as with the first Property, the highlighted ID number on this page is the Value you'll need to associate with the
Build Profile's second Property.
Click anywhere on the page to copy the job ID and return to vRealize Automation.
Paste the second job ID number
1. Click in the Value field of the new Property to paste the job ID you just copied from vRO.
2. Save the new Property by clicking on the green check button.
Now that you've associated two specific ServiceNow-related vRealize Orchestrator workflows with this new Build
Profile, click the OK button to save it and return to the previous page in vRealize Automation, then proceed to the next
Exercise in the Lab.
Exercise B.3.3 - Attach the ServiceNow Build Profile to an Existing IaaS Blueprint
In the previous Exercise, you used the Cloud Experience Center interactive demo to step through the process of
creating a new Build Profile and attaching the required ServiceNow workflows to it.
In order to run those workflows as part of the automated VM deployment process, you'll need to associate that new
Build Profile with any and all VM blueprints on which you wish to enable ServiceNow.
This Exercise will show you how to attach the new Build Profile to an existing IaaS blueprint.
From the previous Exercise, you should be on the Build Profiles page of the Infrastructure tab.
You'll see the new ServiceNow Integration build profile that you just created now listed on the page.
Click the Blueprints item in the navigation widget on the left side of the page.
2. Hover the pointer over the blueprint. When the popout menu appears, click Edit.
Step 2 - Attach the ServiceNow Build Profile to the blueprint
When the Edit Blueprint - vSphere (vCenter) page opens, click the Properties tab.
Enable the new build profile
On the blueprint's Properties page, you'll see a list of available build profiles that you can attach to the blueprint.
Attaching a build profile to a blueprint automatically associates all of the build profile's properties with the blueprint.
Summary
Proceed to the next Exercise, where you'll deploy a new VM based on this blueprint, and validate that the vRealize
Orchestrator workflows called from the build profile are triggered automatically to update ServiceNow with the
appropriate change data.
Exercise B.3.4 - Deploy a VM from the ServiceNow IaaS blueprint
In the previous Exercises of this Lab, you created a new Build Profile that contained properties, each of which called a
different workflow in vRealize Orchestrator to detect qualifying events (new VM, reconfigured VM hardware, VM state
changes, etc.) and update the ServiceNow CMDB with the relevant configuration changes. You then attached that new
Build Profile to a pre-configured IaaS blueprint.
In this Exercise, you'll use the vRealize Automation Service Catalog to deploy a VM from that blueprint, and validate its
ongoing connection to ServiceNow through creation, reconfiguration, and decommission.
From the previous Exercise, you'll be on the Infrastructure > Blueprints > Blueprints page, where you just saved the
Ubuntu - ServiceNow blueprint with the ServiceNow Integration build profile attached.
Open the ServiceNow service page
When the Catalog page loads, click the ServiceNow item in the navigation widget on the left side of the page.
Step 2 - Initiate the VM request
Confirm Build Profile association
If you've deployed IaaS blueprint VMs previously, you'll recognize this form.
Submit the request
You'll see the ServiceNow workflows from the Build Profile have been added to the VM as custom properties, ensuring
that ServiceNow will be updated when this VM is created, and again if the VM is reconfigured, power-cycled, or
destroyed.
Request submitted
When the Requests page loads, you'll see the new VM you just requested at the top of the list, with its deployment
status set to In Progress.
Click the Refresh button at the bottom of the page to reload the page and update the status.
Confirm VM deployment
When the page reloads, you'll see the status of the new VM deployment request change to Successful.
Step 4 - View VM details
When the Machines inventory list loads, you'll see the new Ubuntu VM, BLRPOCLIN043, on the page.
Note VM configuration details
On the Item Details page, you'll see the parameters the VM was deployed with, including:
Name
Power status
CPU count
Memory allocation
Storage allocation
Next, you'll compare the details on this page with those provided to ServiceNow when the VM was deployed.
Close the VM Details page
Open the ServiceNow management console
You'll return to the Machines page, showing the single VM, BLRPOCLIN043, in the inventory list, and a text box offering
to open the ServiceNow Service Automation management console.
Step 5 - Confirm new VM in ServiceNow management console
A box showing the ServiceNow Service Automation management console will appear in your browser window.
NOTE: This portion of the Exercise runs in auto-drive mode, meaning that clicking anywhere on the page will advance
to the next screen, regardless of the cursor's position on the page.
Click anywhere on the page to view the list of Virtual Machine Instances in the ServiceNow CMDB.
View VM's configuration details
At the bottom of the list of VMs in the ServiceNow CMDB, you'll see the BLRPOCLIN043 VM that you just deployed.
View VM details
The VM's configuration details - name, resource footprint, network settings, power state - are all tracked and visible in
ServiceNow, and match the information shown on the VM's Details page in vRealize Automation, confirming that the
vRO workflow to update ServiceNow with the new VM information was launched and completed successfully.
Click anywhere on the page to close the ServiceNow Service Automation management window and return to vRA.
Step 6 - Destroy the VM
Now that you've confirmed that new virtual machines that include the ServiceNow build profile and properties in their
IaaS blueprint will automatically be added to the ServiceNow CMDB, you'll destroy the VM and check the results in
ServiceNow again.
Confirm VM destruction request
Acknowledge request
You'll return to the Machines page with the single VM listed in the VM inventory.
Click the Refresh button at the bottom of the page to reload the page and update the VM status.
Return to ServiceNow management console
In the text box that appears at the bottom of the page, click Connect to return to the ServiceNow Service Automation
management console.
Step 7 - Confirm VM removal from ServiceNow
Click anywhere on the page to return to the VM's Details page in the ServiceNow Service Automation management
console.
View retired VM
Now that the BLRPOCLIN043 VM has been deleted, the VM state has automatically changed to Retired, confirming that
the workflow to update ServiceNow was triggered as soon as the VM was removed.
Click anywhere on the page to close the management console and return to vRealize Automation.
In addition to the ServiceNow exercise you just completed, the lab guide includes a walk-through of the following,
additional interactive demos:
If you wish to step through another interactive demo, click the MENU tab along the left edge of the window to return to
the main menu and select one of the other available demos, and then open the appropriate chapter in the lab guide.
Otherwise, close the Chrome browser window to return to Firefox.
Summary
In a cloud environment, automation is not just useful in enabling rapid and accurate deployment of end-user services.
Even at the IT administrative level, critical service management tasks can be automated as part of any cloud-services
portfolio to simplify not just business service agility, but also real-time IT service management as well.
ServiceNow integration - when leveraged in an Enterprise Hybrid Cloud environment where users can provision,
upgrade, and reconfigure their own virtual machines from a self-service portal - means that IT processes don't have to
be made more complex when business processes are simplified.
With the ServiceNow capabilities that can be part of any Enterprise Hybrid Cloud deployment, service and workload
automation can be easily and automatically tracked at an enterprise level, even at scale, in a few simple steps.
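The lab confirms by eye, for one VM, that ServiceNow matches vRealize Automation after deployment and after destruction; across many VMs the same check is a reconciliation of the platform inventory against the CMDB. The Python below is an added example, not part of this lab guide or of any EMC, VMware or ServiceNow tooling; the record fields, the Active state label, and every machine name and value other than the name BLRPOCLIN043 and the Retired state are assumptions constructed for illustration.

```python
from dataclasses import dataclass

RETIRED = "Retired"   # state the lab shows in ServiceNow after the VM is destroyed
ACTIVE = "Active"     # assumed label for a live record; use your CMDB's own value
COMPARED_FIELDS = ("cpu", "memory_mb", "storage_gb")


@dataclass(frozen=True)
class Machine:
    """One VM as the provisioning platform reports it (hypothetical export)."""
    name: str
    cpu: int
    memory_mb: int
    storage_gb: int


@dataclass(frozen=True)
class CmdbRecord:
    """One CMDB configuration item (hypothetical export)."""
    name: str
    state: str
    cpu: int
    memory_mb: int
    storage_gb: int


def reconcile(machines, records):
    """Return sorted (kind, name, detail) findings where the two views disagree."""
    live = {m.name.upper(): m for m in machines}   # names compared case-insensitively
    cmdb = {r.name.upper(): r for r in records}
    findings = []
    for name, vm in live.items():
        rec = cmdb.get(name)
        if rec is None:
            # Insert workflow never ran, e.g. the blueprint lacks the build profile.
            findings.append(("unregistered", name, "VM exists but has no CMDB record"))
        elif rec.state == RETIRED:
            findings.append(("retired-but-live", name, "CMDB says Retired but VM exists"))
        else:
            # Update workflow missed a reconfiguration if sizing differs.
            diffs = [f"{f}: platform={getattr(vm, f)} cmdb={getattr(rec, f)}"
                     for f in COMPARED_FIELDS if getattr(vm, f) != getattr(rec, f)]
            if diffs:
                findings.append(("drift", name, "; ".join(diffs)))
    for name, rec in cmdb.items():
        if name not in live and rec.state != RETIRED:
            # Update workflow missed the destroy event: the record is stale.
            findings.append(("stale", name, f"CMDB state is {rec.state} but VM is gone"))
    return sorted(findings)


# Constructed sample data: platform inventory after the lab's VM was destroyed.
SAMPLE_MACHINES = [
    Machine("CONSTRUCTED-VM-01", 1, 1024, 20),
    Machine("CONSTRUCTED-VM-02", 4, 8192, 40),   # resized; CMDB not updated
    Machine("CONSTRUCTED-VM-03", 2, 2048, 20),   # deployed without the build profile
]
# Constructed sample data: CMDB export (sizing values are illustrative).
SAMPLE_RECORDS = [
    CmdbRecord("BLRPOCLIN043", RETIRED, 1, 1024, 20),      # destroyed and retired: consistent
    CmdbRecord("CONSTRUCTED-VM-01", ACTIVE, 1, 1024, 20),
    CmdbRecord("CONSTRUCTED-VM-02", ACTIVE, 2, 4096, 40),
    CmdbRecord("CONSTRUCTED-VM-04", ACTIVE, 1, 1024, 20),  # VM destroyed, record left live
]

if __name__ == "__main__":
    for kind, name, detail in reconcile(SAMPLE_MACHINES, SAMPLE_RECORDS):
        print(f"{kind:17} {name:20} {detail}")
```

An unregistered finding is the one to chase first: it means a VM was provisioned from a blueprint that does not carry the ServiceNow build profile, so none of its later lifecycle events will reach the CMDB either.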
Lab C.1 - Virtual Machine Lifecycle Management (30-35 minutes)
Exercise C.1.1 - Log in to vRealize Automation as the Business Analyst
In this lab, you will log in to vRealize Automation using the Business Analyst account, and request a new virtual
machine from the business analyst's self-service portal.
Once the VM has been deployed, you will then review the VM's data-protection options, first by capturing a snapshot
of the VM, and then running on-demand backup and restore operations.
Next, while still logged on to vRA as the Business Analyst, you will change the VM's hardware allocation by adding
CPU, memory, and disk resources to the VM.
Finally, using the Business Analyst's vRA self-service portal, you will destroy the VM.
NOTE: This Exercise assumes you have not logged into vRealize Automation as the Business Analyst. If you already
have an active vRA session as the Business Analyst, please proceed to Exercise C.1.2.
If you are currently logged in to vRA as the Cloud Administrator or as the Developer after having completed any of the
other Labs, then click the Logout link in the upper right corner of the self-service portal, and proceed to Step 3 to log
back in to vRA as the Business Analyst.
If Firefox is not already open from an earlier lab session, then double-click the Mozilla Firefox icon on the desktop to
load the web browser. Proceed to Step 3 to log in to vRealize Automation as the Business Analyst.
1. In the Username field, enter business_analyst@vlab.local
2. In the Password field, enter Password123!
3. Click Login.
Click the Catalog tab at the top of the page to open the Business Analyst's self-service catalog view.
The default view of the Catalog page shows all available catalog items in one flat view. If you've already completed any
of the earlier labs, you'll notice a significant difference between the catalog items and services that were presented to
the Cloud Administrator, and what the Business Analyst sees and is able to request.
Cloud Administrator's Service Catalog
For comparison, here's a partial All Services view of the Cloud Administrator's catalog. Catalog items and services
available to the cloud_admin account include storage-, data protection-, and support-related tasks, whereas cloud
customers and end users will see only catalog items for requesting VMs and services.
Click the Virtual Servers service menu bar. You'll see the virtual-server-based catalog items available to the Business
Analyst from this service.
Exercise C.1.2 - Provision a New VM from the Catalog
In this Exercise, in the role of the Business Analyst, you will configure and request the creation of a new virtual
machine.
NOTE: For instructions on logging in to the vRealize Automation self-service portal as the Business Analyst and
opening the Catalog page, refer to Exercise C.1.1.
Launch the VM request wizard
The Linux - Protected catalog item's details page will appear, showing you the item description, available resource
configuration options, and daily cost.
Click the Request button in the lower left-hand corner of the page.
Step 2 - Configure VM footprint and backup settings
1. Leave the Machine, CPU, and Memory values at their default settings.
2. Click the drop-down button next to Select Backup Service Level, and choose
Daily_1x_Retention_6mo_Archive_1yr to assign a backup policy (backed up once per day, with a six-month
data-retention and 1-year archive retention policy) to this VM.
3. Click Submit to continue.
When the Request confirmation page loads, click OK to return to the default Service Catalog page.
Step 3 - Monitor VM provisioning status
From the Catalog page, click the Requests tab. This is where you can track the status of your VM provisioning
operation.
At the top of the Requests list, you will find the line item labeled Linux - Protected, corresponding to the request you
configured and submitted in Step 1.
1. Review the Machine, CPU, Memory, and Storage settings for the new VM
2. Note the daily cost for running this VM in the RainPole environment with the configured settings. Depending
on your organization's policies and practices, these costs may be absorbed by your IT department, or passed
along to your business group.
3. When finished, click OK to return to the Requests page.
Track the status of your Linux - Protected request
To update the status page, click the Refresh Data button at the bottom of the page until the status of your VM
provisioning request changes from In Progress to Successful, if it hasn't already. This will let you know that your new
VM is complete.
Note: The VM-provisioning operation used in this automated workflow clones a new VM based on a small CentOS
template, so the provisioning operation that you initiated in this exercise should be completed within 4-6 minutes
after you submitted the request.
Locate the new VM
When the Items > Machines page loads, you'll see the new virtual machine that you just provisioned.
NOTE: Your VM may have a different name than the one shown in the graphic on this page.
Note the name of the new VM; you'll need it for the remaining Exercises in this Lab. If there are multiple VMs on the
business analyst's Machines page, use the Date Created column to identify which machine was created on today's
date. This is the VM you'll use for the duration of this Lab.
After you've located the VM and noted its name, proceed to Exercise C.1.3.
Exercise C.1.3 - Self-Service VM Snapshot Management
In addition to the user-managed data protection capabilities enabled by the Enterprise Hybrid Cloud solution that
leverage more traditional backup and restore operations (which you'll perform in Exercise C.1.4), vRealize Automation
can also be configured to allow users to create and manage their own VM snapshots to enable VM-state recovery in
certain situations.
In this Exercise, you'll initiate a snapshot of the VM that you created in Exercise C.1.2, and then revert the VM back to
its pre-snapped state, using the vRealize Automation self-service portal.
NOTE: The use of snapshots, particularly user-initiated and self-managed snapshots, should be enabled and used
sparingly and with caution.
From the Machines page, click the name of the VM you provisioned in Exercise C.1.2.
NOTE: Your VM may have a different name than the one shown in the graphics of this Exercise.
Step 2 - Initiate a VM snapshot
From the VM's Item Details page, click the Snapshots tab.
On the VM's Snapshots page, click the New Snapshot link to initiate a snapshot.
Configure snapshot details
1. Accept the default snapshot name, leaving the Snapshot the machine's memory option unchecked
2. Click OK.
Acknowledge the new snapshot
Step 3 - Revert the snapshot
From the VM's Snapshots page, you'll see the snapshot you just captured. To revert the VM and apply the snapshot,
hover the mouse pointer over the arrow next to the snapshot's timestamp.
Confirm snapshot reversion
Use the Refresh button to update the status. The Snapshot operation in progress... status beneath the snapshot
management box will disappear once the snapshot-revert operation has completed.
Step 4 - Delete the snapshot
Having successfully reverted the VM to its pre-snapshot state, you will now delete the snapshot you captured in Step
2.
Hover the mouse pointer over the arrow to the right of the snapshot's timestamp.
Confirm delete-snapshot request
This process will take 30-60 seconds to complete. Use the Refresh button to update the status page. When the delete
operation completes, the Snapshot operation in progress... status will disappear.
When the snapshot has been successfully deleted, scroll down to the bottom of the VM's Item Details page and click
the Close button. You'll be returned to the business analyst's Items > Machines page in the vRA self-service portal.
Exercise C.1.4 - Self-Service Data Protection
In this Exercise, you will initiate an on-demand backup of the VM you provisioned in Exercise C.1.2, and monitor the
backup job to completion. You will then initiate a restore operation against the VM, using the backup dataset you just
created.
You should begin this exercise on the Items tab of the business analyst's self-service portal after completing the steps
outlined in Exercise C.1.2.
From the Machines page, find the VM you provisioned in Exercise C.1.2. Click the hyperlink of the VM's name.
NOTE: The name of your new VM may differ from the examples shown in the graphics of the lab guide. Use the Date
Created column of the Machines page to identify your new VM.
Provide a request description
1. In the Request Information page's Description field, enter First backup of new VM
2. Click Next.
Confirm backup request
On the New Request wizard's Review page, click Submit to initiate the backup operation.
You will be returned to the Machines page. Click the Requests tab.
Step 2 - Monitor backup job status
When the Requests page loads, locate the line item named On Demand Backup - DEV*** (where *** is the unique
numerical suffix assigned to your VM when you deployed it).
If the status shows the backup job is still in progress, click the Refresh button near the bottom of the page until the
request status changes to Successful.
NOTE: The on-demand backup request should complete within 2-5 minutes.
In the event of a backup failure
If the backup request fails, see the Troubleshooting step at the end of this Exercise. Otherwise, please proceed to Step
3.
With the VM backup complete, you can now run a Restore operation:
1. From the Business Analyst's Items > Machines page, click to highlight the VM's row (if it isn't still highlighted
from Step 3).
2. Click the drop-down Actions button at the top of the Machines inventory list.
3. Click On Demand Restore
NOTE: If the drop-down Actions menu appears empty, check again to make sure the new VM is highlighted and click
the button again.
Restore description
Choose a restore point
1. Click the drop-down backupPoint menu button, and select the sole backup point from the menu. NOTE: If there is
more than one backup image, choose the topmost backup job in the list.
2. Click Submit
You'll see a message indicating that the request has been successfully submitted. Click OK to return to the Machines
page.
Step 5 - Monitor restore operation progress
From the Machines page, click the Requests tab to monitor the restore operation's progress.
Locate the Restore operation's request entry and verify successful completion
From the Requests page, locate the On Demand Restore request, most likely at the top of the page. If the request
status shows the operation is still In Progress, click the Refresh Data button at the bottom of the page. Repeat as
necessary until the request status changes to Successful.
Recap
In this Exercise, as the Business Analyst, you performed an on-demand backup job of the VM you provisioned in
Exercise C.1.2, followed by a restore operation.
The self-service model of vRealize Automation, integrated with the automated backup and restore workflows of
Avamar, means an Enterprise Hybrid Cloud solution that enables users to manage their own data protection without
administrative assistance or any type of IT intervention. This means rapid access to services for end users, as well as
reduced administrative overhead for the IT support staff.
Troubleshooting
If the On-Demand Backup request fails, click the task number to open its Details page.
Review failure message
Exercise C.1.5 - Reconfigure the VM's Hardware
In this exercise, you'll edit the hardware settings of the VM that you provisioned in Exercise C.1.2, adding CPU,
memory, and storage to the VM's allocation.
You should begin this exercise on the Items tab of the business analyst's self-service portal after completing Exercise
C.1.4. The VM should already be in a powered-off state from Exercise C.1.3.
From the Items > Machines page, find the VM you provisioned in Exercise C.1.2.
NOTE: The name of your new VM may differ from the examples shown in the graphics of the lab guide. If necessary, use
the Date Created column of the Machines page to identify your new VM.
Step 2 - Edit the VM hardware resources
To add a second volume to the VM, begin by clicking the Storage tab at the top of the request page.
Add a new volume to the storage allocation
When the Storage page appears, click the New Volume link in the upper-right corner of the Volumes box.
Verify execution settings
NOTE: CPU and memory reconfiguration require that the target VM be in a powered-off state. If the VM is not already
powered off from the on-demand restore operation you performed in Exercise C.1.3, you have the option to power
down the VM using the Power action drop-down on this page.
Acknowledge submission
Monitor the reconfiguration status
You will be returned to the Machines page, with the status of your VM showing Off (Reconfigure pending) or Off
(Reconfiguring).
With the target VM already powered off, reconfiguration of the VM hardware should be complete in 2-3 minutes. Use
the Refresh button to reload the page until the Status returns to Off.
Step 6 - Confirm new VM settings
From the Machines page, click the VM's name to load the Item Details page.
Review updated VM configuration
When the Item Details page loads, you will see the updated VM hardware settings on the Machine Information form,
including:
2 CPUs
512MB memory
7GB of storage
Exercise C.1.6 - Delete the Virtual Machine
In this Lab, having logged in as the Business Analyst, you configured and provisioned a new virtual machine. You then
initiated an on-demand backup of the VM, then a restore operation. Next, you created and then reverted a user-
initiated snapshot of the VM through the same self-service portal.
Finally, still logged on as the Business Analyst, you edited the VM's hardware configuration to add CPU, memory, and
disk resources to the VM footprint.
In this last Exercise, as the Business Analyst, you will destroy the VM through the self-service portal.
Confirm destroy request
Click Submit.
Acknowledge submission
Click OK.
Step 2 - Monitor destruction operation
The Machines page will now show the status of the VM as Disposing.
Click the Reload button to update the page. This operation should complete within 3-5 minutes.
Confirm VM deletion
When the VM has been successfully destroyed, it will disappear from the Business Analyst's page.
Step 3 - Log the Business Analyst out of vRealize Automation
This Exercise is the last that you'll perform in the vLab as the Business Analyst. To log the Business Analyst out of
vRealize Automation, click the Logout link in the upper right corner of the portal.
Summary
The Enterprise Hybrid Cloud empowers users to request, use, and manage their own resources. In this Lab,
you have followed a VM through its entire lifecycle: from creation to deletion, and including snapshot management,
backup, restore, and reconfiguration.
By providing users with a set catalog of blueprints and self-directed management capabilities, cloud administrators
can quickly deliver standardized services to their users. Additionally, the ease of creating and publishing new
blueprints means that IT can quickly expand their services portfolio in response to rapidly changing business
demands in a rapidly evolving competitive climate.
If you are interested in seeing some of these processes in more detail, this Guide also offers the following additional
Labs:
Lab C.2 - Deploy Applications and Services with VMware NSX (35-40 minutes)
Exercise C.2.1 - Deploy a Simple Two-Tier Application
In this Exercise, you'll log into vRealize Automation as the Developer persona and deploy a pair of Python Flask
applications built on NSX blueprints. The first application uses no NSX security features - all traffic passes to and from
the VM unimpeded. The second uses NSX-based micro-segmentation to isolate the application layers and protect
application services and data from compromise.
After completing the two application deployments, you will then compare the effective differences in security between
the two blueprints in the next Exercise.
From the vRealize Automation login portal, enter the following credentials:
When the vRealize Self-Service Portal loads, click the Catalog tab.
Filter the service catalog
Next, click the Applications Service tab in the navigation widget on the left.
From the vlab Development catalog page, locate the tile labeled Python Flask App - w/o Microsegmentation and click
the Request button.
Submit the request
Accept the default settings. Click the Submit button to submit the request.
When the Request confirmation page loads, click OK to return to the Catalog tab.
Step 4 - Request a secure, micro-segmented Python Flask application instance
From the Catalog page, click the Applications service item in the navigation widget on the left.
From the vlab Development catalog page, locate the tile labeled Python Flask App, and click the Request button.
Submit the application instance request
Accept the default settings. Click the Submit button to submit the request.
When the Request confirmation page loads, click OK to return to the Catalog tab.
Step 5 - Monitor the status of the Application Requests
1. You'll see both requests at the top of the list. One or both may still show an In Progress status.
2. Click on the Refresh button at the bottom of the page to reload the status on the page until both requests
show up as Successful.
NOTE: Overall deployment time should be between 3-5 minutes per instance.
Step 6 - Confirm two new application VMs
Once both application requests show a Successful deployment status, click the Items tab at the top of the self-service
portal.
Review VM inventory
You'll see two new VMs on the Machines inventory of the Items page, corresponding to the new applications you just
deployed.
Note the name of the secured application - the VM whose name begins with WEB...
In the next Exercise, you'll review its configured NSX security policies in vCenter.
NOTE: VM names in your environment may differ from those shown in this Guide. Depending on which prior Labs
you've completed, the Machines inventory list in your environment may also differ from what is shown here.
Exercise C.2.2 - Review NSX Security Policies
In Exercise C.2.1, you deployed two side-by-side applications in vRealize Automation - one with a VMware NSX-based
micro-segmentation security policy and the other without. In this Exercise, you'll log into vCenter using the vSphere
Web Client and review the configured security policies.
NOTE: If you log into vCenter using either administrator@vlab.local or administrator@vsphere.local, you won't
have administrative rights to the NSX manager in vCenter. Please use the credentials supplied in this Exercise.
From the new browser tab, click the vSphere Web Client button in the Favorites menu bar.
Provide authentication credentials
NOTE: Logging in to the vSphere Web Client may take 1-2 minutes to complete.
Step 2 - Open the NSX Service Composer page
When the vSphere Web Client page loads, click the Networking & Security link in the Navigation column.
Continue to the Service Composer
From the Networking & Security menu, click the Service Composer link.
Step 3 - Review the WEB Tier Security Group settings
1. From the Security Groups page, locate the WEB Tier Security Group line item.
2. To see the applicable rules in this security policy, click the 3 under the Firewall Rules column.
In the Web Tier Security Group - Firewall Rules box, you'll see three rules in sequence that regulate which types of
traffic can pass to and from the application, as well as between the tiers of the application.
1. Block the communication between VMs in the WEB Tier Security Group
2. Allow only traffic on port 8080
3. Block any other traffic
Taken together, these rules serve to secure the individual layers of a multi-tier application from compromise, while still
ensuring application functionality.
To close the box, click the x in the upper right hand corner (4).
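The sequence of the three rules matters as much as their content. The following is an added example, not part of the lab guide or of any VMware tooling: it models the rules as a first-match list and evaluates the ping, SSH, and port-8080 checks that Exercise C.2.3 performs. The IP addresses are constructed, and first-match evaluation and TCP as the protocol for port 8080 are assumptions of the model.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

# Constructed addresses (documentation range); the guide lists no VM IPs.
WEB_TIER = frozenset({ip_address("192.0.2.11"), ip_address("192.0.2.12")})
UNSECURED_VM = "192.0.2.50"   # stands in for the VM outside the security group
ADMIN_HOST = "192.0.2.200"    # stands in for the lab desktop


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                   # "icmp", "tcp" or "udp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "allow" or "block"
    src_in_group: bool = False   # True: only matches sources inside the group
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port

    def matches(self, pkt, group):
        if self.src_in_group and ip_address(pkt.src) not in group:
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True


# The three rules, in the sequence the guide lists them.
# Assumption: "traffic on port 8080" is modelled as TCP from any source.
POLICY = (
    Rule("Block intra-tier traffic", "block", src_in_group=True),
    Rule("Allow port 8080", "allow", proto="tcp", dport=8080),
    Rule("Block any other traffic", "block"),
)


def decide(pkt, rules=POLICY, group=WEB_TIER):
    """Return (action, rule name) for a packet, using first-match evaluation."""
    if ip_address(pkt.dst) not in group:
        # Destination is not a member of the security group: no rule applies.
        return ("allow", "no policy applied")
    for rule in rules:
        if rule.matches(pkt, group):
            return (rule.action, rule.name)
    return ("block", "implicit default")  # not reached while a catch-all exists


def lab_probes(dst):
    """The three checks from Exercise C.2.3: ping, SSH, and the app port."""
    return {
        "ping": decide(Packet(ADMIN_HOST, dst, "icmp")),
        "ssh": decide(Packet(ADMIN_HOST, dst, "tcp", 22)),
        "http-8080": decide(Packet(ADMIN_HOST, dst, "tcp", 8080)),
    }


if __name__ == "__main__":
    for label, dst in (("secured", "192.0.2.11"), ("unsecured", UNSECURED_VM)):
        for probe, (action, rule) in lab_probes(dst).items():
            print(f"{label:9} {probe:9} -> {action:5} ({rule})")

    # Ordering check: a peer in the same tier connecting to port 8080.
    peer = Packet("192.0.2.12", "192.0.2.11", "tcp", 8080)
    print("as listed :", decide(peer))
    swapped = (POLICY[1], POLICY[0], POLICY[2])
    print("8080 first:", decide(peer, rules=swapped))
```

With the rules in the listed order, a peer VM in the same tier is blocked even on port 8080; moving the allow rule to the top would silently permit that lateral traffic, which is the thing to check when reviewing a real rule set.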
Step 4 - Check the list of secured VMs
When the WEB Tier Security Group - Virtual Machines list loads, you'll see the WEBxxx VM, which you should recognize
from your Machines inventory in vRA as the secure application VM you provisioned in the previous Exercise.
The DEVxxx VM is not on this list, because it was deliberately excluded from any NSX security policies.
Step 5 - Return to the vRA self-service portal
Close the vSphere Web Client browser tab in Firefox to return to the Self-Service Portal.
In the next Exercise, you'll test the NSX security policies against the secure application VM, and compare those
against the unsecured VM.
Exercise C.2.3 - Test NSX Security Policies and Application Functionality
In this Exercise, you will test the security policies of the two NSX-based applications you deployed in Exercise C.2.1,
using a test ping and an SSH connection attempt.
Finally, you will connect to each application using a web browser to confirm that the application works, regardless of
security policy.
NOTE: This Exercise assumes you are logged into vRealize Automation as devops_user@vlab.local.
Step 1 - Open a Notepad application instance
In this and subsequent Exercises in the Deploy Applications and Services with VMware NSX Lab, you'll need to use the
IP addresses of several VMs to validate security and application functionality. In a lab environment, the recommended
method for tracking this information will be to use the Windows Notepad to track the IP addresses of the VMs in your
environment.
Click the Start button on the desktop, and choose Notepad when the Start menu appears.
Return to the self-service portal
When Notepad has opened, click the Firefox button on the Windows taskbar to return to the self-service portal.
You'll see both new application items on the Machines inventory page. In order to test network access between
components in the unsecured application, you'll need its IP address. The unsecure application is the item whose
name begins with EHC.
NOTE: VM names in your environment may differ from those shown in this Guide. Depending on which prior Labs
you've completed, the Machines inventory list in your environment may also differ from what is shown here.
Continue to the Network page
Copy the VM's IP address to the Windows Clipboard
On the VM's Network page, you'll see its IP address. You'll need this address for the remainder of the Exercise.
NOTE: Keyboard shortcuts, such as <Ctrl>+<C> and <Ctrl>+<V>, do not work in the vLab HTML5 RDP environment. You will
need to use the mouse for all copy/paste activity.
Label and paste the IP address into Notepad
Step 3 - Ping the VM's IP address
Ping the unsecured application VM's IP address
When the command window loads, enter ping <ip_address>, using the IP address you pasted into Windows Notepad in
the previous step.
Confirm successful ping
You should see four responses from the target VM, confirming that NSX is allowing ping traffic to and from the VM. This
is normal, since there is no security policy applied by NSX to this VM.
Having confirmed you can successfully ping the target VM, you will now test SSH connectivity to the VM.
Without closing the Command Prompt window, click the PuTTY button on the Windows Taskbar to open the SSH,
Telnet and Rlogin client.
1. Enter the Unsecured VM's IP address, which you pasted into Notepad earlier, in the Host Name (or IP address)
window.
2. Click Open
Accept security warning message
You'll see a PuTTY Security Alert window, warning you that the target VM may have been compromised.
Confirm login prompt
When the SSH client window opens, you'll see (1) a login prompt asking for credentials. In addition to allowing ping
traffic, NSX will also permit SSH connectivity to the VM, since there are no security policy restrictions in place.
Close the PuTTY client window (2) and return to the self-service portal.
Step 5 - Check the IP address of the secured application VM
In Firefox, you should still be on the Network tab of the unsecured application VM's Item Details page.
On the Machines inventory page, you'll again see both new application items.
NOTE: VM names in your environment may differ from those shown in this Guide. Depending on which prior Labs
you've completed, the Machines inventory list in your environment may also differ from what is shown here.
The secure application, whose IP address you'll need, is the item whose name begins with WEB.
Copy the VM's IP address to the Windows Clipboard
On the VM's Network page, you'll see its IP address. You'll need this address for the remainder of the Exercise.
NOTE: Keyboard shortcuts, such as <Ctrl>+<C> and <Ctrl>+<V>, do not work in the vLab HTML5 RDP environment. You will
need to use the mouse for all copy/paste activity.
Label and paste the IP address into Notepad
Click the Firefox button on the Windows Taskbar to return to the self-service portal.
Close the Details page
Click the Command Prompt button on the Windows Taskbar (it should still be open from earlier in the Exercise) to
return to the Command Prompt window.
Enter the secure VM's IP address
From the Command Prompt window, enter ping <ip_address>, using the IP address of the Secured VM that you pasted
into Notepad.
Confirm all packets lost
You'll see a 100% packet loss for this attempt due to the NSX security policy in place around this VM, which blocks all
non-essential traffic (including ping packets) from reaching the VM.
Having confirmed you are unable to ping the target VM, you will now test SSH connectivity to the VM.
Click the PuTTY button on the Windows Taskbar to open the SSH, Telnet and Rlogin client.
Attempt to connect to the secured VM
1. Enter the Secured VM's IP address, which you pasted into Notepad earlier in the Exercise, in the Host Name
(or IP address) window.
2. Click Open
Confirm connection failure
Unlike the result you saw with the Unsecured virtual machine, in this VM you'll see that the connection attempt times
out, having been blocked by NSX using the VM's configured security policy.
Click OK to close the error warning, and close the PuTTY window to return to the Firefox browser.
Enter the unsecure VM's IP address
Step 9 - Connect to the secure application VM's IP address
In the same browser tab's Address window, enter http://<ip_address>:8080, this time using the Secured VM's IP
address from Notepad, and press <Enter>
You'll see a webpage confirming the application functions successfully, even with the NSX security policy. Non-
essential traffic to and from the application VM is blocked by NSX, but essential traffic continues to pass unimpeded.
NSX protects data and resources, while still enabling full application functionality.
Return to the Self-Service Portal
Now that you've confirmed that both new applications work, close the second browser tab in Firefox and return to the
Self-Service portal, then proceed to the next Exercise in the lab.
Exercise C.2.4 - Deploy a Scalable Multi-Tier NSX Application
In previous Exercises, you deployed two single-VM applications, one with an NSX security policy and one without.
Having tested and validated VMware NSX's ability to protect applications and application VMs, you'll now see how
NSX can also be configured to provision multi-tier applications. Once you've deployed the application, you'll scale it
out by adding new web-server VMs to the application, and then validate NSX's ability to load-balance traffic between
the new web VMs.
NOTE: This Exercise assumes you are still logged in as devops_user@vlab.local from Exercise C.2.3.
From previous Exercises, you should be on the Machines inventory of the self-service portal.
From the Catalog page, click the Applications item in the navigation widget.
Request a new multi-VM application
When the Applications catalog page loads, locate the 2-Tier-App w/Microsegmentation catalog item, and click its
Request button.
1. Note that within the Multi-Machine Service vApp header, there are two configured tiers.
2. Click the DB Tier row.
Review DB VM parameters
With the DB Tier row highlighted in the top section of the page:
1. Note that the Machines count in the Request Information section of the page limits you to a single VM.
2. Click the WEB Tier row at the top of the page.
With the WEB Tier row highlighted, you'll see that the Machines setting has changed, allowing you to provision 1-5
web server VMs into this application.
Submit the application request
At this point, you'll accept the default settings of one DB VM and one Web VM in this new application.
Click the Submit button at the bottom of the page to launch the deployment process.
Open the Requests page
Click the Requests tab at the top of the Self-Service Portal to view the status of the new request.
At the top of the Requests page, you'll see the 2-Tier-App Micro-segmented application request that you just
submitted, whose status will show In Progress.
The new application will take 8 to 10 minutes to deploy. Use the Refresh button at the bottom of the page to reload the
page and update the status of your request.
Note: If the deployment fails, please go back to the step Browse to the Applications service catalog page and deploy
the 2-Tier-App w/Microsegmentation application one more time.
In order to connect to your new application and validate its NSX security policy settings, as well as its functionality,
you'll need to get its IP address from vRA. Click the Items tab at the top of the Self-Service Portal.
Expand the vApp container
At the top of the Machines inventory list, you should see a vApp container whose name begins with EHC.... This is your
new multi-VM application instance.
NOTE: The vApp name in your environment may differ from what is shown in this Guide. Additionally, the items in your
environment may differ based on which Labs you've completed.
Click the + symbol to the left of the vApp to expand the vApp container.
Open the DB server's Details page
In the now-expanded vApp, click the DB server's name to open its Details page.
NOTE: The DB server name in your environment may differ from what's shown in this Guide.
Open the Network page
When the Item Details page loads, showing the DB server's hardware settings and additional configuration data, click
the Network tab at the top of the page.
NOTE: The DB server name in your environment may differ from what's shown in this Guide.
Copy the DB server's IP address
Paste the database server VM's IP address
Click the Command Prompt button on the Windows Taskbar (it should still be open from earlier in the Exercise) to
return to the Command Prompt window.
Ping the DB server's IP address
In the Command Prompt window, enter ping <ip_address>, using the IP address of the Database server that you pasted
into Notepad, and then press <Enter>.
Confirm all packets lost
You'll see a 100% packet loss for this attempt due to the NSX security policy in place for the database VM, which
blocks all non-essential traffic (including ping packets) from reaching the VM.
Close the Command Prompt window and return to the Firefox browser and the DB VM's Network details page.
Step 6 - Capture the new application web server's IP address
When the Command Prompt window closes, you'll return to the DB server's Item Details page, showing its IP address.
When the Machines inventory page loads, you'll see the DEV... vApp at the top of the list again.
NOTE: The vApp name in your environment may differ from what is shown in this Guide. Additionally, the items in your
environment may differ based on which Labs you've completed.
Click the + symbol to the left of the vApp to expand the vApp container.
Open the web server's Details page
In the now-expanded vApp, click the Web server's name to open its Details page.
NOTE: The Web server name in your environment may differ from what's shown in this Guide.
Open the Network page
When the Item Details page loads, showing the Web server's hardware settings and additional configuration data,
click the Network tab at the top of the page.
NOTE: The Web server name in your environment may differ from what's shown in this Guide.
Copy the web server's IP address
Paste the web server VM's IP address
Click the Firefox button on the Windows Taskbar to return to the self-service portal.
Connect to the web server's IP address
When the webpage loads, you'll see a confirmation page showing the web server's UID and IP address.
NOTE: The web server's UID, IP address, and the color of the webpage may differ from what is shown in this Guide.
You'll also see a port scanning feature on the web page, offering to test IP address and port connectivity.
1. In the Enter an IP address to scan window, enter the Database server's IP address, which you pasted into
Notepad earlier in the Exercise.
2. Click Scan ports, using the pre-configured port list.
Review open ports between web and DB servers
1. You'll see the results of the port scan. Note that, per the NSX security policy, only one port is open between
the web and database servers: Port 6379 is open, since that is the only port needed for Redis database
connectivity from the web server. NSX is blocking all non-essential ports.
2. Click Return to the main page.
Step 9 - Test database connectivity
Back on the original web page, click the Test Redis database connectivity link at the bottom of the page.
Provide database server IP address
1. Enter the IP address of the Database server, which you pasted into Notepad earlier in this Exercise.
2. Click the Test connectivity button.
NOTE: The IP address of the DB server in your environment may differ from what's shown in this Guide.
Confirm successful connection
You'll see a new webpage, confirming that access between the web and DB servers is successful through the NSX
security layer.
NOTE: If you see a timeout error when connecting to the database server, click the Try Again button using the same
database server IP address.
Now that you've verified database connectivity between the web and DB tiers, continue to Exercise C.2.5, in which
you'll write a test value to the Redis database and then verify it from the vSphere Web Client.
Exercise C.2.5 - Writing and Validating Test Data to Application
Database
In this Exercise, you'll write a test key and value to the Redis database of the multi-tier application you deployed in
Exercise C.2.4. You'll also use the vSphere Web Client to edit the WEB Tier security policy, and then use SSH to
validate the test data from the Redis database.
At the bottom of the page are two windows: one for creating a new database key, and the other for an associated value
with the new key.
Confirm addition of new Key
You'll see a confirmation page, advising that the new key and value were successfully added to the database.
Click the Return to the "Test Redis Database connectivity" page link.
From the new browser tab, click the vSphere Web Client button in the Favorites menu bar.
Login to vSphere if necessary
You should automatically load the vSphere Web Client homepage using credentials cached from your activity in
Exercise C.2.2, in which case you may proceed to Step 3. If you are prompted to log in again when the vSphere Web
Client login page appears:
Step 3 - Open the NSX Service Composer page
When the vSphere Web Client page loads, click the Networking & Security link in the Navigation column.
Continue to the Service Composer
From the Networking & Security menu, click the Service Composer link.
Step 4 - Review the current Security Group settings
1. This time, the WEB Tier Security Group shows two VMs instead of the single VM you saw in this
column in Exercise C.2.2: in addition to the original VM you provisioned in Exercise C.2.1, it now includes the
web server of the multi-tiered application that you deployed in Exercise C.2.4.
2. You'll also notice that there is a single VM in the DB Tier Security Group's row. Click the 1 in the DB Tier
Security Group's row of the Virtual Machines column.
Confirm database server in security group
You'll see a single VM in the popup box, corresponding to the DB server of the multi-tiered application that you
provisioned in Exercise C.2.4. Click the x symbol in the upper-right corner of the box to return to the Security Groups
page.
NOTE: The name of the DB VM in your environment may not match what is shown here in the Guide.
Back on the Security Groups page, click the 1 under the Security Policies column, in the DB Tier Security Group row.
Open the DB security policy
In the DB Tier Security Group - Security Policy box, click the DB Tier Security Policy link.
When the Manage Security Policy box opens, click the 2 Firewall Rules navigation link in the left column.
When finished, click the Cancel button at the bottom of the page.
Locate the WEB Tier Security policy
When the Security Policies page loads, click to highlight the WEB Tier Security Policy row.
Select the Firewall Rules page
When the WEB Tier Security Policy - Security Policy page loads, click 3 Firewall Rules in the left-hand navigation
column.
Under the Firewall Rules panel of the WEB Tier Security Policy - Security Policy page, click the green + symbol to add a
new rule to the WEB Tier policy
2. Click the Change... hyperlink on the Source section of the box
Select allowed sources
1. Click the Any radio button to allow connectivity from any source
2. Click OK
Select the allowed Destination
Back on the New Firewall Rule box, click the Change... hyperlink on the Service section of the box.
In the Allow SSH to WEB - Select Service and Service Groups box:
1. Click the Select services and service groups radio button
2. Enter ssh in the search box
3. Click the magnifying glass search icon
Select SSH service
Submit new rule
To recap, this new rule will enable SSH access from any source to any server in the WEB Tier.
Re-prioritize the new rule
Click the Move up button at the top of the table, once, to move the rule up to the #3 priority, and ensure that the new
SSH rule won't be overridden by the Block any to WEB rule.
With the new Allow SSH to WEB rule now at #3 in the priority list, click Finish to submit the change and update the
policy.
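The re-ordering step above matters because the rule list is evaluated top-down and the first matching rule decides the outcome. The sketch below is an added example, not part of the lab guide or of any VMware tooling: it models that ordering and flags rules that can never fire. Only the rule names Allow SSH to WEB and Block any to WEB come from the guide; the first two rules, the admin-pc source label and the default action are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = "any"


@dataclass(frozen=True)
class Rule:
    name: str
    source: str   # "any" or a group/host label
    dest: str     # "any" or a group label
    service: str  # "any" or "proto/port", e.g. "tcp/22"
    action: str   # "allow" or "block"


def covers(general: str, specific: str) -> bool:
    """True when field value `general` matches everything `specific` matches."""
    return general == ANY or general == specific


def rule_covers(earlier: Rule, later: Rule) -> bool:
    """True when `earlier` matches every flow that `later` could match."""
    return (covers(earlier.source, later.source)
            and covers(earlier.dest, later.dest)
            and covers(earlier.service, later.service))


def evaluate(rules: List[Rule], source: str, dest: str, service: str,
             default: str = "block") -> Tuple[str, Optional[int], Optional[str]]:
    """First-match evaluation: (action, 1-based position, rule name)."""
    flow = Rule("flow", source, dest, service, "")
    for position, rule in enumerate(rules, start=1):
        if rule_covers(rule, flow):
            return rule.action, position, rule.name
    return default, None, None  # assumed default when nothing matches


def shadowed(rules: List[Rule]) -> List[Tuple[str, str, str]]:
    """Rules that can never fire: (shadowed rule, shadowing rule, kind)."""
    findings = []
    for index, later in enumerate(rules):
        for earlier in rules[:index]:
            if rule_covers(earlier, later):
                kind = "conflict" if earlier.action != later.action else "redundant"
                findings.append((later.name, earlier.name, kind))
                break
    return findings


def move_up(rules: List[Rule], name: str) -> List[Rule]:
    """Return a copy of `rules` with the named rule moved up one position."""
    positions = [i for i, rule in enumerate(rules) if rule.name == name]
    if not positions:
        raise ValueError(f"no rule named {name!r}")
    index = positions[0]
    reordered = list(rules)
    if index > 0:
        reordered[index - 1], reordered[index] = reordered[index], reordered[index - 1]
    return reordered


# Constructed policy. Rules 1 and 2 are hypothetical placeholders; the guide
# names only the last two rules.
POLICY_AS_ADDED = [
    Rule("Allow 8080 to WEB (hypothetical)", ANY, "WEB Tier", "tcp/8080", "allow"),
    Rule("Allow WEB to DB Redis (hypothetical)", "WEB Tier", "DB Tier", "tcp/6379", "allow"),
    Rule("Block any to WEB", ANY, "WEB Tier", ANY, "block"),
    Rule("Allow SSH to WEB", ANY, "WEB Tier", "tcp/22", "allow"),  # new rule lands last
]
POLICY_AFTER_MOVE = move_up(POLICY_AS_ADDED, "Allow SSH to WEB")

if __name__ == "__main__":
    for label, policy in (("as added", POLICY_AS_ADDED), ("after Move up", POLICY_AFTER_MOVE)):
        print(label, "| SSH:", evaluate(policy, "admin-pc", "WEB Tier", "tcp/22"),
              "| ping:", evaluate(policy, "admin-pc", "WEB Tier", "icmp/echo"),
              "| shadowed:", shadowed(policy))
```

Running `shadowed()` over an exported rule list before publishing a policy change catches the case this step guards against: an allow rule sitting below a broader block rule.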
Step 6 - Log in to the Web server via SSH
Click the SSH, Telnet and Rlogin client button on the Windows Taskbar at the bottom of the page.
Decline the certificate prompt
You'll see a security alert regarding the Web server VM's host key. Click No to decline the certificate update.
Provide login credentials
Enter password
When prompted for the password, enter Password123! and press <Enter>.
Step 7 - Query the Redis database
From the prompt in the SSH window, enter redis-cli -h <db_ip_address>, using the IP address of the DB server from
earlier, and then press <Enter>.
NOTE: The IP addresses in your environment may differ from those shown in this Guide. If you need the DB server's IP
address, it should still be shown on the web server tab of your Firefox browser.
Query the database for all available keys
You'll see the prompt change, showing you have an open Redis query to the DB server.
Confirm Key from earlier Exercise
1. You'll see the query return the "DB-TEST" key that you entered in Step 1 of this Exercise.
2. At the prompt, enter get DB-TEST and press <Enter>.
Confirm Value from earlier Exercise
You'll see the date field that you entered in Step 1 of this Exercise, confirming that NSX blocks nonessential traffic, but
allows application data to pass between tiers in this application.
Return to the Firefox browser
In the next Exercise, you'll add four new web servers to the existing web application, then test VMware NSX's load-
balancing capabilities.
Exercise C.2.6 - Add New Web Servers to Application and Test NSX Load
Balancing
In this Exercise, you'll add four new web servers to the multi-tier application that you created in Exercise C.2.4. You'll
then test the load-balancing capabilities of VMware NSX by connecting to the application and verifying all web servers
are taking traffic evenly.
Close the web server's Item Details page
Again from the previous Exercise, you'll see the web server VM's Network page in vRealize Automation.
Step 2 - Deploy additional web server VMs to the application
On the Machines page, you'll see the vApp that you deployed in Exercise C.3.5 at the top of the page. Click to highlight
the DEV... vApp row.
NOTE: vApp and VM names in your environment may not match those shown in this Guide.
Launch the Add Components wizard
When the New Request page loads, click to highlight the WEB Tier row at the top of the page.
1. With the WEB Tier row highlighted at the top of the page, scroll down (if necessary) to the bottom of the page
2. Change the Machines field on the Request Information tab to 4
3. Click Submit
This will deploy four additional web server VMs to the application's WEB tier.
Click the Requests tab to view the status of the new VM requests.
Confirm successful deployment
When the four new VMs have been successfully deployed, click the Items tab to return to the Machines inventory.
1. On the Machines page, click the + symbol in the left column to expand the DEVxxx vApp.
2. If the expanded vApp still shows only a single Web server, wait 5-10 minutes for all four new Web server VMs
to power on and initialize, then click the Refresh button at the bottom of the Machines page, and click to
expand the DEV... vApp again.
NOTE: Machine names in your environment may differ from those shown in this Guide. Additionally, the items in your
environment's inventory will be based on which Labs you have completed, and may vary from those shown here.
View vApp Details
Once all new VMs have initialized, you'll see that there are now five Web server VMs, rather than the single VM that
had previously been in the WEB tier.
Click the View Details button at the top of the Machines page.
NOTE: VM names in your environment may differ from those shown in this Guide.
Step 4 - Capture the virtual IP address of the vApp
Now that there are five web VMs attached to this vApp, NSX has enabled automatic load balancing across all five
servers. To connect to this newly expanded application, you'll use a virtual IP address, rather than connecting directly
to the original Web server VM's IP address as you did in previous Exercises.
Click the View hyperlink to see the WEB Tier layer's Network details.
Note the Load Balancer Virtual IP address
In the View Network box, you'll see a Load Balancer configuration form. This page shows the open ports, health-check
settings, as well as the Virtual IP address for the load balanced web server farm. As you can see, this application is
configured to distribute HTTP port 8080 traffic across five web servers.
NOTE: The Virtual IP address of the load-balanced web server array is automatically assigned by NSX, and the IP
address field is grayed out. You will be unable to copy the IP address to the Windows clipboard.
Close the Load Balancer item Details page
Again from the previous Exercise, you'll see the Load Balancer's Network page in vRealize Automation.
Use the Virtual IP address
Confirm connectivity to the Virtual IP address
You'll see a web page load, confirming that the Virtual IP address loads the same application that you've seen in
previous Exercises.
1. While the Virtual IP address that you entered still shows in the browser bar...
2. ...note that the application has been configured to return the actual IP address of the web server to which
you're connected.
3. Click the Refresh button at the far right end of the Address bar to refresh the page.
Upon reloading the page, you'll see that NSX has connected your Virtual IP to a different web server:
1. The Web server's unique id value has changed.
2. The Web server's IP address has been updated to show a different web server.
3. The web page has changed color.
Reload the page through three more web servers
Use the browser's Refresh button to reload the page. After the fifth page refresh, you should have returned back to the
first web server again. The Web server's unique id and the Web server's IP address fields will cycle through all five web
servers as you refresh the page.
Close the web server tab in Firefox, leaving only the Self-Service Portal tab open.
Close Notepad et al
Close the Notepad application window without saving its contents. If the Command Prompt or PuTTY windows are still
open, close them also.
Conclusion
VMware NSX enables a powerful set of tools for your Enterprise Hybrid Cloud environment. Its micro-segmentation
capabilities let you secure your applications at the individual tier level, and its load-balancing feature means you can
easily scale out your applications for greater application availability and performance.
NSX offers features that in a traditional IT enterprise would require a complex planning phase and manual
configuration for every new application that an IT organization deploys. With the automated micro-segmentation and
load-balancing features of VMware NSX, this level of protection is enabled even for self-service applications. IT users
see much faster application and service deployments, and business users see much greater IT agility and rapid
delivery of IT value.
To see how application and service deployments can be automated and enabled for end-user provisioning,
please proceed to Lab C.3 - Deploy a Puppet VM.
An overview of how an Enterprise Hybrid Cloud environment can be integrated with enterprise CMDB
processes is shown in Lab B.3 - Integrated CMDB Management with ServiceNow.
For a look at managing an Enterprise Hybrid Cloud virtual machine from provisioning to retirement, please
complete Lab C.1 - Virtual Machine Lifecycle Management.
To see how to leverage additional add-on functionality to secure your Enterprise Hybrid Cloud virtual
machines with VM volume-level encryption, take a look at Lab C.4 - Securing VM Data Using CloudLink.
Lab C.3 - Deploy a Puppet VM
(10-15 minutes)
Exercise C.3.1 - Deploy a Tomcat web server using Puppet
In this Exercise, you'll log on to vRealize Automation as the Developer user, and use an IaaS blueprint that leverages
Puppet and vCenter Orchestrator to provision a virtual machine with Tomcat web services automatically installed as
part of the deployment process.
NOTE: If you are still logged in to vRealize Automation as the Developer persona from the previous Lab, you may
proceed directly to Step 2. If not:
From the vRealize Automation login portal, enter the following credentials:
Step 2 - Log in to vCenter Orchestrator
You'll also need to log into vCenter Orchestrator to monitor the Tomcat server deployment process, which will initiate
automatically once the base VM has been provisioned.
Provide login credentials for vCO
When the VMware vCenter Orchestrator Login... page loads, enter the following account information:
When the vCO client loads, click the Workflows tab in the left-hand panel.
1. Click the drop-down arrow to the left of the Workflows list
2. Expand the vLab folder
The workflows in this folder will deploy the Puppet agent to the Linux VM you'll provision in this Exercise. You'll come
back to monitor the status of these workflows after deploying the VM.
Click the Firefox browser button on the taskbar to return to vRealize Automation.
If you're still on the Items page from the previous Lab, click the Catalog tab at the top of the page.
Step 4 - Configure and request a new Tomcat server VM
Once you've returned to vRA, click the Applications Service item in the Navigation widget.
From the vLab Development catalog window, click the CentOS - Puppet - Tomcat catalog item's Request tab.
Load request configuration wizard
From the Tomcat VM's New Request wizard page, accept the default settings and click Submit.
When the request confirmation window appears, click OK to return to the Catalog page.
Step 5 - Open the Requests page
On the Requests page, you'll see the deployment status of your new VM, showing In Progress.
NOTE: The full deployment cycle - creating a new VM and deploying the Tomcat binaries - should take 5-10 minutes to
complete.
Step 6 - Track deployment status in vCenter Orchestrator
Click the VMware vCenter Orchestrator button on the taskbar at the bottom of the desktop to return to the vCO client.
In the right-hand panel of the vCO client, click the Schema tab
Track workflow status
When the VM provisioning operation completes, vRO will automatically launch the Puppet workflows to install a
Puppet agent and then deploy Tomcat binaries to the VM.
Confirm workflow completion
When the installation completes (should take 5-7 minutes), the workflow icon will change from running (green
triangle) to completed (green checkmark), indicating the successful deployment of a new Linux VM with Tomcat
installed automatically.
Click the Firefox browser button on the taskbar to return to vRealize Automation.
Reload the Requests status page
Troubleshooting
If the Tomcat server deployment fails, it may be due to a startup or service failure on the Puppet Enterprise master
server. To restart the server and attempt the request again, please turn to the Troubleshooting section at the end of the
lab guide and refer to the restart procedure in the Restarting the Puppet Master Server Exercise.
To confirm the successful deployment of a Tomcat web server, you'll use a web browser to connect to the new VM's IP
address. To find the new VM's IP address, click the Items tab in vRA.
Open the VM's Details page
On the Machines page, you'll see a VM with a Tomcat icon, corresponding to the new VM you just deployed.
NOTE: VM names in your environment may differ from those shown in this Guide. If there are multiple Tomcat VMs in
the Machines inventory, use the Date Created value in the right column to identify the VM you just provisioned.
Open VM's Network properties page
You'll see the new VM's IP address, which was automatically assigned by vRA during the deployment process.
Highlight the IP address, which you'll use to connect to the VM in the next step, and Copy it to your clipboard.
Step 9 - Connect to the new VM's webpage
In the Address window of the new browser tab, paste the VM's IP address, and append :8080 to the end to connect to
the Tomcat server management port.
Confirm Tomcat server webpage
You'll see the Tomcat server management page appear, confirming that Tomcat has been successfully installed on the
new VM.
Initiate VM destruction sequence
From the VM's Details page, click the Destroy link to delete the VM.
Confirm request
Acknowledge submission
Close the VM's Details page
From the VM's Details page, click the Close button to return to the Items inventory.
Summary
In addition to the more familiar IaaS capabilities of the Enterprise Hybrid Cloud - storage provisioning, self-service VM
deployments, IT governance and approval support - you can also leverage third-party integration tools, such as Puppet
Enterprise, to automate application deployments. This means that, while maintaining IT ownership and control over
deployment processes and user entitlements, you can provide rapid service rollouts, business-critical workloads at
scale, and even complex multi-tier application stacks directly to your business customers.
With the flexibility and power of Puppet Enterprise, your Enterprise Hybrid Cloud solution can deliver even greater
service agility, power, and value to IT and customers alike.
Based on the concepts you explored in this Lab, you may be interested in the following additional Labs, which offer
more in-depth experience with some related topics:
The overall process of managing a virtual machine from deployment to retirement is covered in detail in Lab
C.1 - Virtual Machine Lifecycle Management.
To see how an Enterprise Hybrid Cloud can be configured to automate the requisition and deployment of
complex, secure web applications, please see Lab C.2 - Deploy Applications and Services with VMware NSX.
For a look at how automated services and policies can be applied to end-user VMs as part of the deployment
process, complete Lab B.3 - Integrated CMDB Management with ServiceNow and Lab C.4 - Securing VM Data
Using CloudLink.
Lab C.4 - Securing VM Data Using CloudLink
Exercise C.4.1 - Connect to the Cloud Experience Center and launch the demo
You may already be familiar with the Enterprise Hybrid Cloud's optional data protection modular add-on features:
By integrating CloudLink's volume-encryption capabilities into your cloud environment, you can also protect your
sensitive corporate data from unauthorized access or theft. In this Lab, you will use the Cloud Experience Center to see
how to provision and manage virtual machines that use volume-level encryption to secure business data.
Due to the highly virtualized nature and limited size of the vLab environment, however, this lab session is unable to
support anything beyond local IaaS and limited-scope application deployment blueprints. To demonstrate some
additional uses and capabilities of an Enterprise Hybrid Cloud, we've created a number of interactive demos,
accessible through the Cloud Experience Center at http://interactivedemos.emc.com/ehc, which you can step through
as part of your lab experience today.
NOTE: You may already have the Cloud Experience Center loaded from a previous Lab. If so, skip this Exercise and
proceed directly to Exercise B.3.2 to continue.
You'll begin by opening a new Chrome browser instance from the Windows Taskbar.
Exercise C.4.2 - Provisioning a New VM with CloudLink Encryption
In this Exercise, you'll provision a Windows 2012 Server virtual machine that leverages a CloudLink security policy.
You'll assign an encryption setting during the deployment process to secure the VM's System and Data volumes, and
then monitor the deployment process to completion and validate the VM's security status.
Virtual machines deployed from the Windows Server 2012 VM with CloudLink enabled volume encryption catalog item
use a standard IaaS blueprint. Once the VM is deployed, CloudLink will launch an agent inside the VM that
automatically encrypts the VM's volume(s) according to the policy that we'll specify when we request the VM.
Select the first demo
When the pop-out submenu appears, select Provision an Encrypted VM to launch the demo.
Step 2 - Request a Windows VM with CloudLink security
When the Service Catalog page opens, click the Virtual Servers item in the navigation widget on the left side of the
page.
Launch the New VM wizard
When the Virtual Servers catalog page loads, click the W2K12-CloudLink catalog item's Request button.
Step 3 - Configure VM settings
Since this is a multi-site environment, you'll need to specify the target location for the new VM.
Click the Location field's drop-down button, and choose CTC MR31 EHC Private from the menu.
Set the VM's CloudLink Encryption Policy
Confirm request submission
Click OK to open the Requests tab and view the status of the request.
Step 4 - Track the request
The Requests page will show the new CloudLink Windows VM deployment request as currently In Progress.
Click the Refresh button at the bottom of the page to reload the page and update the status.
Confirm successful deployment
The status of the request will update to Successful, confirming the deployment of the Windows VM.
Click the Items tab at the top of the page to see the new VM.
Click anywhere on the page to open the CloudLink Center administration console, where you'll track the new Windows
VM's volume encryption progress.
Step 5 - Open the CloudLink Center administration console
NOTE: This portion of the Exercise is a click-through demo. Regardless of where the cursor is on the page, clicking the
mouse will advance to the next step.
You'll see the CloudLink Center administration console's Home page, giving a dashboard view of our environment's
current CloudLink status.
Click anywhere on the page to open the SecureVM page, then click a second time to open the Virtual Machines page,
where you'll track the encryption progress of the new Windows VM.
View managed machines
Now that CL-WIN36 has deployed, CloudLink will be notified that there is a new VM awaiting encryption.
Discover new VM
Once CloudLink adds the new VM to its inventory, it will connect to the VM and launch an agent to begin encrypting
the VM's volumes in accordance with the policy you configured in Step 3 above.
View details of new VM
You'll see the expanded view of the VM, showing (1) its configuration settings (IP address, operating system, security
policy) and (2) its current encryption status.
Complete encryption operation
Once the encryption of the C: drive completes, the VM has been fully encrypted by CloudLink and is now compliant
with its assigned security policy.
Click anywhere on the page to return to the Items page in vRealize Automation.
Summary
Data protection, using volume-level encryption from CloudLink, is as simple as requesting a VM from the catalog.
Cloud-enabled automation can deploy VMs, protect against data loss (using integrated backup), and protect against
unauthorized data access (using integrated encryption).
Click anywhere on the page to advance to the next demo, and proceed to Exercise C.4.3, in which you'll add a new
volume to the CL-WIN36 VM that you just provisioned.
Exercise C.4.3 - Add a New Volume to a VM
In this Exercise, you'll add a new volume to the Windows VM you deployed in Exercise C.4.2, and then watch
CloudLink automatically discover and encrypt the new volume.
From the previous Exercise, you should be on the Machines page, where the CL-WIN36 VM is the only item in the
inventory.
Reconfigure the VM
From the VM's Item Details page, click the Reconfigure hyperlink in the Actions menu.
Create a volume
From the Storage page, click the New Volume link in the upper right corner of the page.
1. In the Capacity window of the New Volume row, enter 40 to set the new volume size to 40GB.
2. Click the drop-down button in the Storage Reservation Policy window, and select Diamond from the menu.
3. Click the green check symbol at the left end of the new entry to save the New Volume settings.
Submit the request
Click the OK button to open the Requests tab to view the status of the request.
Step 3 - Monitor the request
When the Requests page loads, you'll see the Reconfigure request at the top of the list, with its current status set to
In Progress.
Click the Refresh button at the bottom of the page to reload the page and update the status.
Confirm request success
Click anywhere on the page to return to the CloudLink Center administration console's Virtual Machines page, where
you'll track the new volume's encryption status.
Step 4 - Open the CloudLink Center administration console
On the SecureVM > Virtual Machines page of the CloudLink Center administration console, you'll see the CL-WIN36
Windows VM, still highlighted from the previous Exercise, with both its C: and D: volumes successfully encrypted.
Once CloudLink has been notified of the existence of a new volume, it will connect to the VM and encrypt the drive
automatically.
View the new volume encryption
Once encryption has been successfully completed, click anywhere on the page to connect to the CL-WIN36 VM directly
and verify volume encryption from within Windows.
Step 5 - Verify volume encryption
The CloudLink Center window will close, and a Windows RDP session will open in its place, showing a blank Windows
desktop.
NOTE: This portion of the Exercise is set on auto-drive, so clicking the mouse will advance automatically, regardless of
the cursor's position in the window.
In this Step, you'll confirm the encryption of the VM's local volumes through the operating system. Click anywhere on
the page to continue.
Confirm the SecureVM agent settings
The CloudLink SecureVM agent window will open on the desktop, showing that all three local volumes (the original C:
and D: drives, plus the F: volume that you added in this Exercise) are encrypted.
Click anywhere on the page to continue. When the SecureVM agent window closes, click again to advance, and
continue until the Windows Explorer window opens on the desktop.
Confirm encryption in Windows Explorer
In Windows Explorer, the open padlock icon next to each volume indicates that the volume is both encrypted and
write-enabled, in compliance with the VM's CloudLink security policy that you assigned in Exercise C.4.2.
Click anywhere on the page to return to the Items window in vRealize Automation.
The security policy associated with this VM, which you set in Exercise C.4.2, requires all volumes to be encrypted. Any
additional volumes created on this VM will be automatically encrypted on deployment using the same process.
Cloud users (administrators, business managers, customers) can use this VM, and similarly configured VMs, for
securely hosting sensitive data, confident that CloudLink is protecting their data from unauthorized access or theft.
When finished, unless you plan to continue directly to Lab B.3 or Lab C.4, close the Chrome web browser to improve
performance in the Firefox-based labs.
Summary
The security policy associated with this VM, which you set in Exercise C.4.2, requires all volumes to be encrypted. Any
additional volumes created on this VM will be automatically encrypted on deployment using the same process.
Cloud users (administrators, business managers, customers) can use this VM, and similarly configured VMs, for
securely hosting sensitive data, confident that CloudLink is protecting their data from unauthorized access or theft.
To see how to create new backup services, complete Lab B.2.
A demonstration of how to integrate self-service VM provisioning with enterprise CMDB management using
ServiceNow is available in Lab B.3.
For an overview of the VM lifecycle, from provisioning to disposal, see Lab C.1.
To see how to provision VMs and applications that use NSX security and load balancing, please continue to
Lab C.2.
For more information on how to integrate application deployment and configuration operations into the VM
provisioning process, complete Lab C.3.
Troubleshooting
Troubleshooting and Tips
This section provides general suggestions and tips to resolve some issues that may arise in this lab before opening a
support ticket with the vLab team.
Since this is a fully functional cloud environment, many of the standard infrastructure- and cloud-management tools
and applications have been included and enabled. A certain level of technical proficiency is assumed for users of this
lab environment, so instructions in this Troubleshooting guide are limited to connecting and authenticating only.
Please exercise caution when adjusting or rebooting components and configurations using these tools. There are a
number of interdependencies in this solution stack, and any misstep could bring down the entire lab environment. If
you aren't completely comfortable carrying out any of these steps, please open a ticket with the vLab team before
continuing.
Troubleshooting guidelines
In many cases, issues with pages not loading or displaying correctly can be resolved by reloading the page. To do this,
hit the F5 key on your keyboard with the browser window active, or click the Refresh button to the right of the
browser's address window.
Restarting Lab Solution Components
If refreshing / reloading the webpage does not resolve the issue, it may be necessary to restart the lab component(s)
that support the service you are trying to use. Of these components, only the vROps and ViPR vApps are managed by
the environment's own vCenter instance. To restart either of those components, just restart the VM or vApp associated
with that component in vCenter. Instructions for connecting to vCenter are included below.
WARNING: The EHC-vCC vApp is included in this environment for demonstration purposes only. Launching the vcc
vApp, or using the vCenter client to take any action against any VM/vApp other than the vrops and vipr will render your
entire lab environment unusable and unrecoverable.
On the desktop of your console, you'll find an icon for launching the VMware vSphere Client. To launch the client,
double-click the icon.
Login using Windows credentials
1. If it isn't selected already, click the Use Windows session credentials box to log in as the VLAB\Administrator
user.
2. Click Login.
VMware vSphere Web Client
If you prefer the interface or features of the vSphere Web Client, a link has been included in the bookmarks bar of your
Firefox browser. To open the Web Client, click the vCenter Web Client button.
When the login page loads, log in as vlab\administrator with a password of Password123! and click Login.
VMware vCenter Orchestrator client
The VMware vCenter Orchestrator (vCO) client can be used for monitoring and troubleshooting failed workflows. To
launch the vCO client:
2. Verify the user name is set to cloud_admin@vlab.local
3. Use Password123! as the login password
4. Click the Login button.
If you wish to log in directly to the EMC ViPR management console, either for troubleshooting purposes or to remove
provisioned storage from the cloud resource pool, click the EMC ViPR button in the bookmarks bar of the Firefox
browser.
Provide authentication credentials
Remote-Desktop Protocol (RDP) and Secure Shell (SSH) console access can be gained using the included mRemoteNG
management tool, the default Windows Remote Desktop Connection client (mstsc.exe), or PuTTY. A shortcut button to
launch PuTTY has been included in the Windows Taskbar to the right of the Start button.
To open the mRemoteNG tool, double-click the mRemoteNG icon on the desktop.
mRemote launch pane
When the mRemote tool has loaded, you'll see a list of available VMs that you can access from the launch pane on the
left.
Use mRemote tool to connect to any component VM
To connect to any of the available VMs, right click on its entry in the launch pane, and click Connect from the pop out
menu. Connection protocol (e.g. RDP or SSH) and login credentials have been preconfigured for each system, so login
should be automatic.
Additional systems information
Some components use custom URLs or client applications for administration rather than console access. The full list of
systems, including URLs and login credentials, can be downloaded as a standalone PDF file from this lab's collateral
page on the vLab portal.
Additional assistance
If you require additional troubleshooting help beyond what's covered in this chapter, or if you are unable to resolve a
supported lab issue using the tools available, please open a support ticket through the EMC vLab portal's Quick Links
widget.
Resetting Avamar Services in the Lab Environment
Due to the highly virtualized and resource-constrained nature of the vLab environment, you may find that some
services destabilize, particularly in vLab sessions that are more than 1-2 weeks old. In particular, you may see failures
in On-Demand Backup and On-Demand Restore operations (Lab C.1, Exercise C.1.4). If you do see Failed requests in
the self-service portal when you attempt to perform on-demand VM backup and restore operations, you may find that
restarting Avamar and Avamar proxy services resolves the issue.
This Exercise will walk you through the process of resetting Avamar services.
Step 1 - Open the Windows Task Scheduler
1. Click the Windows Start button in the lower left corner of the desktop.
2. Click Task Scheduler from the Start menu.
Step 2 - Restart and register Avamar and proxy services
When the Task Scheduler opens, click the Task Scheduler Library folder.
In the Task window, locate the Restart_AVE_MCS task, then right-click on the task and select Run from the popout
menu.
Reload the Task window
After starting the task, right click on the white space at the bottom of the Task window and select Refresh from the
popout menu.
Step 3 - Wait for task to complete
Allow the task to run to completion (approximately 3-5 minutes). Refresh the task window again until the task status
returns to Ready.
Re-run the original on-demand backup or on-demand restore task in Lab C.1, Exercise C.1.4.
Launching the Avamar Administrative Console
Based on the nature of certain demos, you may find it necessary to launch the Avamar Administrator management
console in your environment.
If you attempt to use the desktop icon in your environment, you'll see it doesn't load the application.
Instead, you'll see an error message indicating the application failed to load. Click OK to return to the desktop.
Use the Start Menu to launch the Avamar Administrative Console application
To load a working instance of the Avamar Administrative Console, click the Start button on the desktop.
Navigate to a working shortcut
From the Start menu, browse to All Programs > EMC Avamar > Administrator > 7.1.0-302 > Avamar Administrator
Log in to the Avamar Administrator application
When the login screen appears, log in using the following settings:
Click the Log On button to submit your credentials and log into EMC Avamar.
Continue into the application
From here, you can use the Avamar management console as appropriate.
Restarting the Mail Server
Due to the complex and highly virtualized nature of the vLab environment, there are occasionally sessions in which
one or more component VMs failed to start or initialize properly. If a submitted backup or restore request operation
returned a Failed result due to an unreachable mail server, then the mail server did not start up completely when the
vLab environment was created.
This exercise will walk you through the process of restarting the mail server in the vLab environment.
Open the mRemoteNG connection client
Connect to the mail server VM via SSH
In the Connections window, right-click the Mail entry and choose Connect from the popout menu.
Restart the mail server
Connection and credential information for all component VMs and appliances in the environment has been pre-configured.
In the session window, enter shutdown -r now <Enter> to restart the server.
The mail server should take 3-5 minutes to restart and come back online, after which VM backup and restore
operations should complete successfully again.
Restarting the Puppet Master Server
Due to the complex and highly virtualized nature of the vLab environment, there are occasionally sessions in which
one or more component VMs failed to start or initialize properly. If a Tomcat server deployment request (Lab C.3)
returns a Failed result, then it may be that the Puppet master server did not start up completely when the vLab
environment was created.
This exercise will walk you through the process of restarting the Puppet master server in the vLab environment.
Open the mRemoteNG connection client
Connect to the Puppet master server VM via SSH
In the Connections window, right-click the Puppetmaster entry and choose Connect from the popout menu.
Restart the Puppet master server
Connection and credential information for all component VMs and appliances in the environment has been pre-configured.
In the session window, enter shutdown -r now <Enter> to restart the server.
The Puppet master server should take 3-5 minutes to restart and come back online, after which Tomcat server deployment
requests should complete successfully again.
Deleting failed requests from the vRealize Automation history
You may have noticed that submitted requests cannot be deleted from the Requests history using the vRA portal tools.
While an unsubmitted (e.g. Saved) request can be removed using the Delete button, that option is grayed out for
submitted requests, regardless of whether the request was successful or not.
Using the command-line psql utility, it is possible to remove recent (i.e. less than about 90 days old) requests,
including failed submissions, from the vRealize vPostgres database directly, which results in those requests also
being removed from the vRA Requests history. Whether you're looking to stage a cleaner demo environment, or to
erase a window in your request history where you were attempting to validate new and updated catalog items and
workflows, it may be necessary at times to delete failed requests from the vRealize Automation request history.
This exercise will step you through the process of removing a single request item from the vPostgres database.
From the Requests page, locate the Failed request's ID number and note it for later in the Exercise.
Connect to the vRealize Automation appliance via SSH
Open a vRA console session
In the Connections window, right-click the vRA line item and choose Connect from the popout menu.
cd /opt/vmware/vpostgres/9.2/bin/ <Enter>
From the /opt/vmware/vpostgres/9.2/bin/ directory prompt, open the vPostgres editing utility as the vcac user.
At the vcac=> prompt, query the vPostgres database for the request ID of the failed workflow, using the workflow
request number from the vRA Requests page that you noted at the beginning of this Exercise.
SELECT id,requestnumber FROM cat_request where requestnumber = '<failed workflow ID>'; <Enter>
Note the id number of the failed request
You'll see an ASCII table showing the request ID in the left column, and the corresponding vRA workflow ID in the right
column.
Using your mouse pointer, highlight the request ID in its entirety, ensuring no space or overlap are highlighted on
either end. You'll use this highlighted value for the remainder of the Exercise.
From the prompt, execute the following command, using the right-click paste feature to insert the request ID between
the single quote marks:
delete from cat_requestevent where request_id = '<right-click to paste the highlighted ID number here>'; <Enter>
You'll see a return code indicating how many instances of the record were deleted from the previous command
(typically 4).
From the prompt again, execute the following command, again using the right-click paste feature (ensuring the request
ID is still highlighted) to insert the request ID between the single quote marks:
delete from cat_request where id = '<right-click to paste the highlighted ID number here>'; <Enter>
NOTE: Requests that are older than about 90 days cannot be deleted from the vPostgres database using this
method. If a request has aged beyond its deletion window, you'll see an error indicating the record is still referenced
from elsewhere.
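The same lookup and two deletes, run as a single transaction so that the event rows and the request row are removed together or not at all. This is an added example, not part of the original lab guide; it uses only the table and column names shown in the steps above, and <failed workflow ID> is the same placeholder for the request number noted from the vRA Requests page.

```sql
-- Added example: run at the vcac=> prompt in place of the separate statements.
-- Replace <failed workflow ID> with the request number from the vRA Requests page.
BEGIN;

-- 1. Confirm the request number resolves to exactly one row before changing anything.
SELECT id, requestnumber
FROM cat_request
WHERE requestnumber = '<failed workflow ID>';

-- 2. Delete the dependent event rows first. The subquery looks the id up again,
--    so nothing has to be copied and pasted; RETURNING lists each row removed.
DELETE FROM cat_requestevent
WHERE request_id IN (
    SELECT id
    FROM cat_request
    WHERE requestnumber = '<failed workflow ID>'
)
RETURNING request_id;

-- 3. Delete the request row itself.
DELETE FROM cat_request
WHERE requestnumber = '<failed workflow ID>'
RETURNING id, requestnumber;

-- 4. If step 3 returned exactly the one request you intended, commit.
--    If the counts look wrong, type ROLLBACK; instead of COMMIT;.
--    If step 3 fails with the "still referenced" error described in the NOTE,
--    PostgreSQL marks the transaction as aborted and COMMIT is treated as a
--    ROLLBACK, so the event rows deleted in step 2 are restored rather than
--    left orphaned from a request that still exists.
COMMIT;
```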
Confirm deletion of the failed workflow
Switch back to the vRealize Automation browser session and reload the Requests page using the Refresh button.
Verify removal of failed workflow
You'll see the failed workflow has been removed from the Requests history.
To quit the vPostgres editing utility, return to the mRemoteNG terminal client and run the following command in the
vRA session:
\q <Enter>
Close the terminal client
Click to close the mRemoteNG terminal client and return to the browser window.
Conclusion
Summary
The Enterprise Hybrid Cloud empowers IT to be a broker of cloud services, providing the control and visibility that IT
organizations need, and the on-demand self-service that developers and application users expect. Users can easily
provision standardized services directly from an application marketplace portal, with upfront pricing. These
resources are delivered from private and public clouds, whatever the workload calls for, all built on policies set by IT. This ensures
application workloads are placed in the right cloud, with the right cost, security, and performance.
Beyond delivering baseline Infrastructure-as-a-Service, an Enterprise Hybrid Cloud delivers feature-rich capabilities to
expand from Infrastructure-as-a-Service (IaaS), to business-enabling IT-as-a-Service. Application-as-a-Service, Backup-
as-a-Service, and Disaster Recovery-as-a-Service are now just policies and blueprints that can be enabled with a few
clicks.
End-users and developers can quickly gain access to a marketplace of application resources, from Microsoft, Oracle,
SAP, and Pivotal, as well as the ability to add 3rd-party packages and integrations as needed. All of these resources
can be deployed on private cloud or public-cloud services from EMC-powered cloud service providers.
If you would like to get additional, in-depth experience with some of the individual components of the Federation Enterprise
Hybrid Cloud solution, visit the EMC vLab portal at https://portal.demoemc.com, and request one or more of these
available labs:
Conclusion
Thank you for taking time to walk through this vLab. We hope you've seen how easy EMC has made some formerly
complex services, by moving them to a Cloud Solution model that leverages unique integration features that are only
available from EMC. By offering services that your end users demand, you'll enable them to react quickly to business
needs. At the same time, you can reduce the cost, risk, and performance challenges that are attributed to public cloud
services.
Integrated data-protection capabilities, automated and exposed to both the cloud administrator and the end user, are a
core component of what makes this model much simpler. When the Cloud Admin can create new backup policies and
retention scopes in just a few clicks, that's simple. When an end user can perform on-demand backup and restore
operations, that's simple.
At EMC, we've worked hard to make storage provisioning and management easier for the cloud administrator. By
integrating the management and monitoring views of the storage environment into the vCenter Operations console, we
can add intelligent analytics at the same time as we reduce the number of monitoring consoles and alerts that the
administrator needs to manage.
Additional Resources
There's plenty more to learn about the Enterprise Hybrid Cloud Solution. Here are some great resources you can use to
learn more:
https://www.emc.com/cloud/hybrid-cloud-computing/
Or connect with your local field engineer or EMC vSpecialist for more information.