
vRA 7.5 Installation steps - Back to Basics

vRealize Automation Installation Overview

You can install vRealize Automation to support minimal, proof of concept environments, or in different sizes of distributed, enterprise configurations that are capable of handling production workloads. Installation can be interactive or silent.

After installation, you start using vRealize Automation by customizing your setup and configuring tenants, which provides users with access to self-service provisioning and life-cycle management of cloud services.

New in this vRealize Automation Installation:

If you installed earlier versions of vRealize Automation, be aware of changes in the installation process for this release.

  • This release simplifies the vRealize Automation appliance node removal process.
  • The vRealize Automation appliance administration interface has changed.
  • Database tab features have moved to the Cluster tab. The Database tab has been removed, and the Cluster tab has become a primary tab.
  • The Migration tab has become a primary tab and now includes vRealize Automation and vRealize Orchestrator migration.
  • The support bundle option has moved to the Logs tab.
  • vRealize Code Stream has been removed from the Licensing tab.

The vRealize Automation Appliance
The vRealize Automation appliance is a preconfigured Linux virtual appliance. The vRealize Automation appliance is delivered as an open virtualization file that you deploy on existing virtualized infrastructure such as vSphere.
The vRealize Automation appliance performs several functions central to vRealize Automation.

  • The appliance contains the server that hosts the vRealize Automation product portal, where users log in to access self-service provisioning and management of cloud services.
  • The appliance manages single sign-on (SSO) for user authorization and authentication.
  • The appliance server hosts a management interface for vRealize Automation appliance settings.
  • The appliance includes a preconfigured PostgreSQL database used for internal vRealize Automation appliance operations.    
  • The appliance includes a preconfigured instance of vRealize Orchestrator. vRealize Automation uses vRealize Orchestrator workflows and actions to extend its capabilities. 
  • The appliance contains the downloadable Management Agent installer. All Windows servers that make up your vRealize Automation IaaS must install the Management Agent.

In large deployments with redundant appliances, the secondary appliance databases serve as replicas to provide high availability.

The embedded instance of vRealize Orchestrator is now recommended. In older deployments or special cases, however, users might connect vRealize Automation to an external vRealize Orchestrator instead.

The Management Agent registers IaaS Windows servers with the vRealize Automation appliance, automates the installation and management of IaaS components, and collects support and telemetry

In this blog post we are going to see the basic steps of vRA 7.5 setup/installation.

Deploy the vRealize Automation Appliance

Before you can take any of the installation paths, vRealize Automation requires that you deploy at least one vRealize Automation appliance.

To create the appliance, you use the vSphere Client to download and deploy a partially configured virtual machine from a template. You might need to perform the procedure more than once, if you expect to create an enterprise deployment for high availability and failover. Such a deployment typically has multiple vRealize Automation appliances behind a load balancer.

Log in to the vSphere Client with an account that has permission to deploy OVF templates to the inventory.

Download the vRealize Automation appliance .ovf or .ova file to a location accessible to the vSphere Client.

Select the vSphere Deploy OVF Template option.
Enter the path to the vRealize Automation appliance .ovf or .ova file.

Enter an appliance name and inventory location.
When you deploy appliances, use a different name for each one, and do not include non-alphanumeric characters such as underscores ( _ ) in names.

Select the host and cluster in which the appliance will reside.

Read and accept the end-user license agreement.

Select the storage that will host the appliance.
Select a disk format.
Thick formats improve performance, and thin formats save storage space.

Format does not affect appliance disk size. If an appliance needs more space for data, add disk by using vSphere after deploying.

From the drop-down menu, select a Destination Network.

Complete the appliance properties.
Enter and confirm a root password.
The root account credentials log you in to the browser-based administration interface hosted by the appliance, or the appliance operating system command-line console.

Select whether or not to allow remote SSH connections to the command-line console.
Disabling SSH is more secure but requires that you access the console directly in vSphere instead of through a separate terminal client.

For Hostname, enter the appliance FQDN.
For best results, enter the FQDN even if using DHCP.

vRealize Automation supports DHCP, but static IP addresses are recommended for production deployments.

In Network Properties, when using static IP addresses, enter the values for gateway, netmask, and DNS servers. You must also enter the IP address, FQDN, and domain for the appliance itself, as shown in the following example.

Review the settings and submit the request.

When you submit the request, the deployment workflow starts. The workflow first deploys the appliance, and once the deployment finishes the VM is powered on. You can watch the installation/initialisation steps in the console.

The initial setup takes a few minutes, after which the VM lands on the initial/welcome screen.
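A pre-submit check of the planned appliance settings against the rules in the steps above, as an added example (not VMware tooling and not code from the original post). The dictionary keys, sample values, and the gateway/subnet check are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample plan; keys and values are illustrative, not vRA property names.
PLANNED = [
    {"name": "vra75a", "hostname": "vra75a.lab.example", "ssh_enabled": False,
     "ip": "192.0.2.10", "netmask": "255.255.255.0", "gateway": "192.0.2.1",
     "dns": "192.0.2.53", "domain": "lab.example"},
    {"name": "vra_75b", "hostname": "vra75b", "ssh_enabled": True,
     "ip": "192.0.2.11", "netmask": "255.255.255.0", "gateway": "198.51.100.1",
     "dns": "192.0.2.53", "domain": "lab.example"},
]

def check_appliances(appliances):
    """Return findings for planned appliance settings, per the steps above."""
    findings, seen = [], set()
    for a in appliances:
        name = a["name"]
        # A different name per appliance, and no non-alphanumeric characters
        # (read literally, so hyphens are flagged as well as underscores).
        if name in seen:
            findings.append(f"{name}: duplicate appliance name")
        seen.add(name)
        if not re.fullmatch(r"[A-Za-z0-9]+", name):
            findings.append(f"{name}: name contains non-alphanumeric characters")
        # Hostname should be the FQDN, even when DHCP is used.
        if "." not in a.get("hostname", "").strip("."):
            findings.append(f"{name}: hostname is not an FQDN")
        if a.get("ssh_enabled"):
            findings.append(f"{name}: remote SSH is enabled")
        if a.get("dhcp"):
            findings.append(f"{name}: DHCP used; static IP is recommended for production")
            continue
        missing = [k for k in ("ip", "netmask", "gateway", "dns", "domain") if not a.get(k)]
        if missing:
            findings.append(f"{name}: static IP settings missing: {', '.join(missing)}")
            continue
        # Added sanity check, not from the guide: gateway must sit on the same subnet.
        try:
            net = ipaddress.ip_network(f"{a['ip']}/{a['netmask']}", strict=False)
            if ipaddress.ip_address(a["gateway"]) not in net:
                findings.append(f"{name}: gateway {a['gateway']} is outside {net}")
        except ValueError as err:
            findings.append(f"{name}: invalid network value ({err})")
    return findings

if __name__ == "__main__":
    for finding in check_appliances(PLANNED):
        print(finding)
```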

Start the wizard by logging in as root to the vRealize Automation appliance administration interface.

As you log in, the vRealize Automation appliance configuration wizard starts.

Accept the license agreement.

On the Deployment Type page, you decide which vRealize Automation components, and how many of each, you want to install.

Minimal deployments use just one vRealize Automation appliance and one Windows server that hosts IaaS components. In minimal deployments, you may host the IaaS database on a separate SQL Server system, or install SQL on the IaaS Windows server.

You cannot convert a minimal deployment to an enterprise deployment. To scale a deployment up, start with a small enterprise deployment, and add components to that. Starting with a minimal deployment is not supported.

Enterprise deployments involve multiple, separate appliances and Windows hosts, typically with load balancing. Enterprise deployments also permit you to host the IaaS database on a separate SQL Server system or on one of the IaaS Windows servers.

When you select an enterprise deployment, additional Installation Wizard pages appear in the summary list at the left of the wizard.

Infrastructure as a Service
The Infrastructure as a Service (IaaS) option selects whether or not to configure existing Windows machines with vRealize Automation modeling and provisioning capabilities.

When you select IaaS, additional Installation Wizard pages appear in the summary list at the left of the wizard.

IaaS Windows Servers
For a Windows machine to serve as an IaaS component host, you must download and install vCAC-IaaSManagementAgent-Setup.msi on the Windows machine.
Management Agent installation requires communication with a running vRealize Automation appliance. Each time that you install the Management Agent on Windows, that system becomes uniquely tied to the specific appliance and deployment.
Potential IaaS Windows servers that have the correct Management Agent installed appear under Discovered Hosts.

To have the Installation Wizard ignore a discovered host, click Delete. Deleting a Windows host does not remove its Management Agent. To uninstall the agent, use the Add or Remove Programs feature directly in Windows.

Start the agent installation on the Windows machine to finish the agent setup.

Location to install the agents

Supply the details of the vRA appliance, the credentials to log in to vRA, and the certificate (if you use custom certs, the host names should match the Windows instance).

Service account details of the local Windows instance/account

Once the installation finishes, switch back to the vRA 7.5 configuration wizard and look for the agent status.

As above, you will be able to see the last sync details of the agent with the vRealize Automation appliance.

Proceed with the configuration of IaaS and the DB. The further steps are fairly easy, much like in the previous versions, and I will cover the screenshots in the next thread.

To be continued...
