In my last previous two posts on vCloud Automation Center (VC-AC or vCake if you prefer) I looked at ensuring you had the pre-requisites and doing the installation itself – suitable for PoC or HomeLab. Now I want to turn my focus to how you configure vCAC to speak to vCenter – vCAC has the ability to provision to whole host of resources – virtual, physical and cloud. But I imagine in the first instance it will be to vSphere that you might first turn.

With a clean installation there’s a couple of admin constructs to put together before you can deploy your first VM. These are:

• Credentials – These are the usernames/passwords used to authenticate to the resource. Interesting they held separately from the actual adding of the resource itself. 
• Endpoints – These are where the URLs or FQDNs of the resources are held, and once you’ve typed in the URL for the vCenter, you select the credentials you established earlier. That’s an interesting separation - because if your provisioning resources – vSphere, HyperV, Xen – use the same domain username/password to gain access – the credentials could be re-used. I bet in the real world were people have a hybrid sources for provisioning they have different username/password for additional security. Rather than one ring to rule them all.
• Install an Agent – Dependent on the resource in question – you will need to install an agent on the vCAC server to communicate through to the resource. vCAC has one single agent setup.exe – from within which you use radio buttons to select which resource you’re connecting to.
• Enterprize Group – This is system wide container that you can use to pull in existing VMs, vApps, Templates – and then advertise them to business units within the vCAC instance. If you know your way around vCloud Director I guess its akin to having an Org that just contains catalog which is then published to all other Orgs. I think the way vCAC does this is neater – because to do this in vCD you need to create an Org and a OrgvDC just to make collection of vApps available to every other Org in the same vCD instance – which seems somewhat contrived configuration – a workaround rather than by design. Just sayin’
• Machine Pre-fixes – This is one of the methods vCAC has for naming VMs, and it kinda reminds me a little like VMware Horizon View method of naming VMs in a virtual desktop pool – it allows prefix piece of text followed by a numbering mechanism to create machines with a naming convention like corphq001, corphq002 and so on which is fine for quick provisioning tests.
• Provisioning Group – Are method of controlling who has access to which resources by assigning AD groups to vCAC roles such as Manager, Support or User roles. Using these provisioning groups you can assign the Machine Prefixes and AD DSN Values to control users/groups can be added. Once created you assign allocations of number of VMs, CPU%, Memory% and Storage allocations using reservations.
• Reservations – As you would expect you can create reservations in vCAC and assign them to provisioning groups – the important thing here is unlike with say vCloud Director – tis doesn’t create resource pools on the VMware HA/DRS clusters. These reservations/allocations are monitored and tracked by vCAC – so if they are meet its vCAC that prevents them from being exceeded. If you like vCAC becomes the source of admission control to the tenants – although fundamentally it’s where those resources come from vSphere, vCloud Director, HyperV, Xen that decided if they are granted.
• BluePrints – Are VMs, collections of VMs or physical definitions that actually give the tenant something to select when they need a new compute resource – they are akin to vCloud Director vApp Templates or vSphere Templates. These blueprints also have security settings so you can control if someone can connect to the compute resource with SSH, RDP and so on – as well as many other privileges and rights. BluePrints can be defined by the Enteprize Admin and made Globally Available to every provisioning group, or they can be created by the Provisioning Group Manger and made available just to its members.
• Self-Service Portal – The core vCAC is portal in its own right which only displays the right content to the right context based on the user credentials – however, there is a much simpler self-service portal which offers a UI which might be a bit more easier on the eye.

As you can see there’s quite a bit of work to do in first setup – the savings in time come once you have consumers onboard and using the system itself. As the post title suggests my focus is on vCenter/vSphere in this instance, but I will be walking through all the other compute resource endpoints as my learning progresses…

Read the rest of this entry »

This is picture of what real “automation” looks like…

Acknowledgement: I should thank Adam Bohle and Kim Ranyard who have been unofficially supporting me, and helping me. Without Adam and Kim’s assistance over the last couple of days this blog post wouldn’t have been possible. Thanks guys!

Previously, I spent an entire post just talking about meeting the pre-requisites for an installation of vCAC. By the end of the process I now have two setups – one that’s fully-distributed and product like with multiple Windows instances for the different vCAC roles – and another I’m calling “Uber-vCAC” which is one big Windows instance that will do the whole shooting match. I wanted to try both types of install – because I know the 1st one would be done in production and the second one would be done in a homelab. I must admit creating the Uber-vCAC was very easy. I guess it just shows that in IT once you have done a task more than two or three times it becomes second nature to you, and feels qualitative easier.

Now that I happy that all those pre-requisities have been met I think I’m ready to proceed to the installation part. As ever you need permissions and rights in order to install anything into Windows. That means what ever account you use it must have “Local Administrator” rights. I guess this is why so much software gettings installed using the credentials of the Domain Admin in our world. To be bit more specific the user rights that stuck out for me in reading the install guide were:

• Manager Service Install – needs at least DBO privileges to the vCAC Database.
• Manager Service Install – if you need to authorise users to Active Directory, the Manager Service user must have rights to the “Windows Authorisation Access” group on the Domain

For this reason I created an “vCAC-Admin” account with the appropriate rights including membership of the groups. It was this account I used for the local login for the installation.

Read the rest of this entry »

vCloud Connector 2.0 and the VMware Cloud Service Evaluation

One source for Service Provider would be VMware’s very own Cloud Service Evaluation – which is currently in beta. The evaluation is just recently been upgraded to vCloud Director 5.1 and support vCloud Connector 2.0. I think there was originally some confusion. From the start the “vCloud Server Evaluation” wasn’t intended as production grade hosted experience – its merely intended as taster of how vCloud Director works. However, when we announced our intention build our own Hybrid Cloud solution – the two became conflated with each other. So on the day of the announcement many people thought this eval was the Hybrid Cloud – when it was just announcement – a statement of intent. Sadly, the poor evaluation got pretty hammered in this time. I guess the good intention was try and get our naming ducks in a row, but people were confused about to two different initiatives if I can call them that.

The sign-up process for the VMware Cloud Evaluation  is nice slick affair – usual suspects apply and there’s SMS PIN validation of the sign-up process which I rather like nowadays – you’ll need a credit card handy. I would recommend digging out your corporate company credit card. That’s what I did. Please don’t tell Jeff my manager. Okay? Fortunately, my friends over in the vCloud Evaluation provided me with a voucher number – so I have some credit already…

I’ve already written posts about the setup of the vCloud Connector private use already, as well as documenting the setup with a public provider like Stratogen, as well the process of copying, content sync and stretched deploy – so I won’t repeat myself.

There is PDF guide that walks you through Cloud with specific emphasis on vCloud Connector, and page 17 is where the document begins to talk about using the Cloud Evaluation with vCloud Connector:

Getting Started with vCloud Connector in the VMware Cloud Evaluation

1. The first step is to create a new user specifically to be used by the vCloud Connector itself. This can be be done under the “Administration” tab by clicking the “Add A User” button. This user must be an Organization Administrator – and no you cannot use the “admin” account generated during the sign-up process – and used as the primary login to the VMware Cloud Evaluation.

In my case I found the vccnode account was already there. That’s because I’ve been on the eval for a while, and it was default user (albeit disabled). The documentation now indicates you have to create this user now…

Read the rest of this entry »

One of the things I’ve been looking at is ways the vCommunity can learn more about cloud and vCloud Director with minimal effort. After all not everyone has a homelab or colocation like I do. It’s worth saying that the physical resources required to learn more about vCloud Director are not insignificant. So it was with those thoughts in mind that I started to look at the VMware Cloud Evaluation – as a possible route in. One of the interesting things about the evaluation is that it demonstrates how a customer could wrap their own UI shell around vCloud Director, as well as or instead of exposing the native vCloud Director interface to the consumer.

The sign-up process for the eval is pretty  slick and I would  recommend  any SP who is thinking of entering this space  to take a look at this enrollment process. Along side taking essential user data, the evaluation uses SMS text messages to verify the sign-up process along with the more common email method. Its something I’ve seen banks do frequently to sign up new payees in my Internet banking.

It takes about 15mins once all the details have been taken instantiate a new cloud evaluation account. That might sounds a long time to you, but believe me this actually pretty quick – especially as I heard only a couple of weeks ago that one SP’s idea of an acceptable onboarding process was 6 months!  I guess that’s corporate compliance for you – previously it took a year – so things are getting better! The Organization name is a numerical value that is assigned along with your password when your account is created. Once logged in to your evaluation account you have the option of using a simplified UI interface or the more sophisticated vCloud Director.  The simplified evaluation UI  is on the “My Cloud” tab while on that tab you can choose to view in vCloud Director if you want to. As the OrgAdmin you have the right to create vApps and vApp Networks using the core vCloud Director interface.

Read the rest of this entry »