Trending Topics

VMware on AWS - How to restore NSX DFW firewall rules to previous state

Image
Customers who uses NSX day-in, day-out would like to have a point-in time restore functionality of DFW firewall rules. Many customer have a large footprints in VMC and make changes to DFW quite often. This feature was missing for long time and we could see its included in recent versions . Let's see how DFW configuration roll back works  NSX DFW configuration has versioning, and it is stored in the NSX Manager.  Every time when someone update DFW configuration, NSX creates one more version but keep storing the previous ones. You can rollback for previous config but reapplying it once again.  You can find the options under Networking & Security tab , > Security > Distributed Firewall . In the right side we see an Actions drop down. Choose View to get to the below screen.  Let’s go through the use case:  1. Original state- default config with no custom rules:  a. There are no saved configurations during last 30 days: In my existing test setup, with the current setting

vRA 7.5 Installation steps - Back to Basics


vRealize Automation Installation Overview

You can install vRealize Automation to support minimal, proof of concept environments, or in different sizes of distributed, enterprise configurations that are capable of handling production workloads. Installation can be interactive or silent.

After installation, you start using vRealize Automation by customizing your setup and configuring tenants, which provides users with access to self-service provisioning and life-cycle management of cloud services

New in this vRealize Automation Installation:

If you installed earlier versions of vRealize Automation, be aware of changes in the installation process for this release. 

This release simplifies the vRealize Automation appliance node removal process. 
The vRealize Automation appliance administration interface has changed. 
Database tab features have moved to the Cluster tab. The Database tab has been removed, and the Cluster tab has become a primary tab. 
The Migration tab has become a primary tab and now includes vRealize Automation and vRealize Orchestrator migration. 
The support bundle option has moved to the Logs tab. 
vRealize Code Stream has been removed from the Licensing tab.

The vRealize Automation Appliance
The vRealize Automation appliance is a preconfigured Linux virtual appliance. The vRealize Automation
appliance is delivered as an open virtualization file that you deploy on existing virtualized infrastructure
such as vSphere.
The vRealize Automation appliance performs several functions central to vRealize Automation.
  • The appliance contains the server that hosts the vRealize Automation product portal, where users log in to access self-service provisioning and management of cloud services.
  • The appliance manages single sign-on (SSO) for user authorization and authentication.
  • The appliance server hosts a management interface for vRealize Automation appliance settings.
  • The appliance includes a preconfigured PostgreSQL database used for internal vRealize Automation appliance operations.    
  • The appliance includes a preconfigured instance of vRealize Orchestrator. vRealize Automation uses vRealize Orchestrator workflows and actions to extend its capabilities. 
  • The appliance contains the downloadable Management Agent installer. All Windows servers that make up your vRealize Automation IaaS must install the Management Agent.
           In large deployments with redundant appliances, the secondary appliance databases serve as replicas to provide high availability.
         The embedded instance of vRealize Orchestrator is now recommended. In older deployments or special cases, however, users might connect vRealize Automation to an external vRealize Orchestrator instead.

 The Management Agent registers IaaS Windows servers with the vRealize Automation appliance,
automates the installation and management of IaaS components, and collects support and telemetry
information.
In this blog post we are going to see the basics steps of vRA 7.5 setup/installation

Deploy the vRealize Automation Appliance

Before you can take any of the installation paths, vRealize Automation requires that you deploy at least one vRealize Automation appliance.

To create the appliance, you use the vSphere Client to download and deploy a partially configured virtual machine from a template. You might need to perform the procedure more than once, if you expect to create an enterprise deployment for high availability and failover. Such a deployment typically has multiple vRealize Automation appliances behind a load balancer.

Prerequisites
Log in to the vSphere Client with an account that has permission to deploy OVF templates to the inventory.

Download the vRealize Automation appliance .ovf or .ova file to a location accessible to the vSphere Client.

Procedure
Select the vSphere Deploy OVF Template option.
Enter the path to the vRealize Automation appliance .ovf or .ova file.


Enter an appliance name and inventory location.
When you deploy appliances, use a different name for each one, and do not include non-alphanumeric characters such as underscores ( _ ) in names.




Select the host and cluster in which the appliance will reside.




Read and accept the end-user license agreement.



Select the storage that will host the appliance.
Select a disk format.
Thick formats improve performance, and thin formats save storage space.

Format does not affect appliance disk size. If an appliance needs more space for data, add disk by using vSphere after deploying.




From the drop-down menu, select a Destination Network.



Complete the appliance properties.
Enter and confirm a root password.
The root account credentials log you in to the browser-based administration interface hosted by the appliance, or the appliance operating system command-line console.

Select whether or not to allow remote SSH connections to the command-line console.
Disabling SSH is more secure but requires that you access the console directly in vSphere instead of through a separate terminal client.

For Hostname, enter the appliance FQDN.
For best results, enter the FQDN even if using DHCP.

Note:
vRealize Automation supports DHCP, but static IP addresses are recommended for production deployments.

In Network Properties, when using static IP addresses, enter the values for gateway, netmask, and DNS servers. You must also enter the IP address, FQDN, and domain for the appliance itself, as shown in the following example.



Review the settings and submit the request

When you submit the request the deployment work flow starts. This workflow firstly deploys the appliance and once the deployment finishes the VM will be powered ON. You can watch the installation/initialisation steps in the console.


The initial setup would take few minutes and VM lands in initial/welcome screen.


Start the wizard by logging in as root to the vRealize Automation appliance administration interface.


As you login, the vRealize automation appliance configuration wizard starts,


Accept the license agreement



On the Deployment Type page, you decide which vRealize Automation components, and how many of each, you want to install.

Minimal
Minimal deployments use just one vRealize Automation appliance and one Windows server that hosts IaaS components. In minimal deployments, you may host the IaaS database on a separate SQL Server system, or install SQL on the IaaS Windows server.

You cannot convert a minimal deployment to an enterprise deployment. To scale a deployment up, start with a small enterprise deployment, and add components to that. Starting with a minimal deployment is not supported.

Enterprise
Enterprise deployments involve multiple, separate appliances and Windows hosts, typically with load balancing. Enterprise deployments also permit you to host the IaaS database on a separate SQL Server system or on one of the IaaS Windows servers.

When you select an enterprise deployment, additional Installation Wizard pages appear in the summary list at the left of the wizard.

Infrastructure as a Service
The Infrastructure as a Service (IaaS) option selects whether or not to configure existing Windows machines with vRealize Automation modeling and provisioning capabilities.

When you select IaaS, additional Installation Wizard pages appear in the summary list at the left of the wizard.



IaaS Windows Servers
For a Windows machine to serve as an IaaS component host, you must download and install vCAC-IaaSManagementAgent-Setup.msi on the Windows machine.
Management Agent installation requires communication with a running vRealize Automation appliance. Each time that you install the Management Agent on Windows, that system becomes uniquely tied to the specific appliance and deployment.
Potential IaaS Windows servers that have the correct Management Agent installed appear under Discovered Hosts.


To have the Installation Wizard ignore a discovered host, click Delete. Deleting a Windows host does not remove its Management Agent. To uninstall the agent, use the Add or Remove Programs feature directly in Windows.



Start the agent installation in the windows machine to finish the agent setup



Location to install the agents

Suffice the details of the vRA appliance , credentials to login to the vRA and also the certificate ( if you use custom certs then the host names should match the windows instance)

Service account details of the local windows instance/account



Once the installation finishes, switch back to the vRA 7.5 configuration wizard and look for the agent status.


As above you would be able to see the last sync details of the agent with the vRealize automation appliance.

 Proceed with the configuration of Iaas and the DB. Further steps are pretty much easier as like the previous versions and I would cover the screen shots in the next thread.

 To be continued ...... 

Popular posts from this blog

HOW TO EDIT THE BCD REGISTRY FILE

Image
The BCD registry file controls which operating system installation starts and how long the boot manager waits before starting Windows. Basically, it’s like the Boot.ini file in earlier versions of Windows. If you need to edit it, the easiest way is to use the Startup And Recovery tool from within Vista. Just follow these steps: 1. Click Start. Right-click Computer, and then click Properties. 2. Click Advanced System Settings. 3. On the Advanced tab, under Startup and Recovery, click Settings. 4. Click the Default Operating System list, and edit other startup settings. Then, click OK. Same as Windows XP, right? But you’re probably not here because you couldn’t find that dialog box. You’re probably here because Windows Vista won’t start. In that case, you shouldn’t even worry about editing the BCD. Just run Startup Repair, and let the tool do what it’s supposed to. If you’re an advanced user, like an IT guy, you might want to edit the BCD file yourself. You can do this
Read more

DNS Scavenging.

                        DNS Scavenging is a great answer to a problem that has been nagging everyone since RFC 2136 came out way back in 1997.  Despite many clever methods of ensuring that clients and DHCP servers that perform dynamic updates clean up after themselves sometimes DNS can get messy.  Remember that old test server that you built two years ago that caught fire before it could be used?  Probably not.  DNS still remembers it though.  There are two big issues with DNS scavenging that seem to come up a lot: "I'm hitting this 'scavenge now' button like a snare drum and nothing is happening.  Why?" or "I woke up this morning, my DNS zones are nearly empty and Active Directory is sitting in a corner rocking back and forth crying.  What happened?" This post should help us figure out when the first issue will happen and completely avoid the second.  We'll go through how scavenging is setup then I'll give you my best practices.  Scavenging s
Read more

AD LDS – Syncronizing AD LDS with Active Directory

Image
First, we will install the AD LDS Instance: 1. Create and AD LDS instance by clicking Start -> Administrative Tools -> Active Directory Lightweight Directory Services Setup Wizard. The Setup Wizard appears. 2. Click Next . The Setup Options dialog box appears. For the sake of this guide, a unique instance will be the primary focus. I will have a separate post regarding AD LDS replication at some point in the near future. 3. Select A unique instance . 4. Click Next and the Instance Name dialog box appears. The instance name will help you identify and differentiate it from other instances that you may have installed on the same end point. The instance name will be listed in the data directory for the instance as well as in the Add or Remove Programs snap-in. 5. Enter a unique instance name, for example IDG. 6. Click Next to display the Ports configuration dialog box. 7. Leave ports at their default values unless you have conflicts with the default values. 8. Click N
Read more