vCAC 5.2 to 6.x Construct Mappings

vCAC 5.x admins/architects might get surprised by vCAC 6.x construct naming and think VMware has abundant the constructs vCloud Automation Center used in the past. After a closer look though, you will notice these construct functionality is still the same as they used to be in 5.x and they were just renamed to fit the wider audience vCAC is currently address and to be better aligned with those constructs functionality. The main different is that a new Tenant Construct was introduced in vCAC 6.x which did not exist in 5.2 as vCAC 5.2 did not support  multi-tenancy.

I get asked quite often about the construct mapping between vCAC 5.2 and 6.x. Further, the longer I have been delivering just vCAC 6.x engagements, I seem to start forgetting the contruct mapping between vCloud Automation Center 5.2 and 6.x, so I decided I will document it here for a reference to myself and others looking for such info. Below is the best diagram I was able to find that highlight the construct mapping between vCAC 5.2 and vCAC 6.x:

vCAC 5.2 to vCAC 6.x Construct Mapping

Hope this help those of you familiar with vCAC 5.2 jump on 6.x with confident :).… Read More

vCloud Automation Center 6 Load Balancer configuration

Every Distributed vCloud Automation Center 6 installation involves configuring load balancing at several levels. As load balancers have historically been the responsibility of the network team, many virtualization/server admins are not comfortable with them.  Further, if your load balancing request is not clear and detailed the network team will return the request back and ask for more clarifications and any extra required details. This seems to give many Cloud/Virtualization admins a hard time when trying to complete a vCloud Automation 6 Distributed install. In a try to help the rest of us get the info they need to pass to the network team to configure the load balancing required to complete a vCAC Distributed install, I will try to provide as much details required in this post.

Note: This still applicable for vRealize Automation 6.x and vRealize Automation 7.x. Please note vCloud Automation Center (vCAC) has changed named to vRA (vRealize Automation) after 6.0.

Let’s start by trying to figuring out where do we need to plug in our load balancers, and which components we need to load balance. How about a diagram which present where load balancers fit in a vCAC Distributed install:

vCAC Distributed install Load balancer

 Below is the required configuration for load balancing vCloud Automation Center 6 at each level:

vCloud Automation Center Appliance (VIP):

The vCAC Appliances will be setup in an Active/Active configuration with the below configuration:

  • Transport Protocol: Https (443)
  • Load balancing Method: Least Response Time
  • Enable session affinity or sticky session  (Source IP or Cookies)
  • Health Check URL: https://<Your vCAC Appliance FQDN>      Ex: https://vcacapp01.vt.com
Read More

Application Director unable to login to cloud provider

I was delivering an engagement lately where I had to integrate VMware Application Director with vCloud Automation Center 6.0.  I have got to the stage where I needed to connect App Director to a Cloud provider.

Although I was certain, I have entered the correct information on the New Cloud Provider screen as shown below, I kept getting the following error: “Could not connect to the Cloud Provider at https://vtvcaciaas Unable to login to cloud provider. Please verify the user credentials as well as other parameters you entered.”

vCAC fail to connect to Application Director

This error was quite frustrating, as I was sure I have provided the correct information as well verified it over a 100 time. After digging for an answer, I was surprised to know that the User Name here is case sensitive, so basically cloudadmin@vt.com is not equal to CloudAdmin@vt.com. I had to go back to my Active Directory Domain Controller, and search for the user and copy it case sensitive as is to this User Name field which in my case was “CloudAdmin@vt.com”. To my surprise this worked every time.

As most of us are used to none case sensitive user name, where every one knows by now password is case sensitive, I can see this same issue catching many others, and hope this help save you a bit of time :).… Read More

Generating Certificates for vCAC 6 IaaS Web Server & Manager Service

This post will take you through the steps you will need to generate, request, and apply the certificates for both vCloud Automation Center 6 IaaS Web Server as well the Manager Service. Please note this is the third part of a three post vCAC 6 Certificates tutorial, where the first two posts can be found at:

Note: for vRealize Automation 7, please check out following blogpost before continuing with this one: Replacing Certificates in vRealize Automation 7

Note: This article assume you are doing the large setup, where you will have to generate two different certs one for Web and one for Manager Service. If you are running the medium setup then you will need to include all the names of the Web and Manager Service machines into the same cert as vRA will only allow you to use one cert for the combined services. 

Step 1: Generating the Certificate Requests

To generate the appropriate configuration files:

1. Open a text editor on the system where OpenSSL is installed.

2. Paste the following text into a file, replacing the information in red with that specific to your environment.… Read More

Generating Certificates for the identity Appliance/vCAC Appliance

At this post, I will go through how you Generate and import the certificates in a step by step fashion for both the Identity and vCAC Appliance. Please note this post is the second part of a three post tutorial where you can find the other two posts at:

Note: for vRealize Automation 7, please check out following blogpost: Replacing Certificates in vRealize Automation 7

Step 1: Generate the appropriate configuration files:

  1. Open a text editor on the system where OpenSSL is installed.
  2. Paste the following text into a file, replacing the information in red with that specific to your environment.

This one I used for Identity server:

[ req ]
default_bits = 2048
default_keyfile = rui.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment, nonRepudiation
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:vtid01, IP:192.168.2.101, DNS:vtid01.vt.com
[ req_distinguished_name ]
countryName = CA
stateOrProvinceName = ON
localityName = Toronto
0.organizationName = Lab
organizationalUnitName = vCACSSO
commonName = vtid01.vt.com


This one I used for my vCAC Appliance:

[ req ]
default_bits = 2048
default_keyfile = rui.key… Read More

vCloud Automation Center 6 Certificates A to Z

While working on delivering vCAC 6 engagements, I have noticed that getting all the certificates required in place has always required me to jump across different information sources between VMware documentation, blogs, & other consultants work. For that I have decided to put this guide together which cover the certificates process for a new vCAC 6.x installation from A-Z to easy the process for myself and others. I start all the way from how to install your own CA and continue all the way till you assign the certificates to each component. Before I start going through the details, I have to give credits where due. This document has incorporated information from all of the below sources:

While I have used a lot of material and knowledge that I have gained from the above sources, I have incorporated these steps at different customers, and carried out the full work again in my lab to get all the screenshots being consistent across the full procedure. Hope you will find it useful.

Note: for vRealize Automation 7, please check out following blogpost: Replacing Certificates in vRealize Automation 7

Good to know

This section gives you some important vCloud Automation 6 certificates faqs and recommendations, that you will need to know before getting started.… Read More

How to fix: vCAC 6 AD Login is very slow

While working at a customer site with a pretty decent size Active Directory where they have implemented an Empty root structure, vCAC login through Single Sign On when using Active Directory accounts were pretty slow. It took up to 10-15 minutes at time per login attempt.

The customer had a multitiered domain in a single forest. The top domain/root domain or if you want to call it level 1 domain was empty, where all the users and where vCAC users were coming from is the level 2 domain. What was happening is when a user of the level 2 domain try to login he was facing one of the below two problems:

1- If the user does not have any group membership outside  the level 2 domain, they were allowed to login, but it took quite a bit for the login attempt to complete. (10-15 minutes)

2- If the user has any group membership or any tie outside the level 2 domain, after the log on attempt, the progress bar on the log on page will stop and nothing will happen.

At first, I thought I might be short at resources on my SSO server so I boosted that up, while it speeded things a bit it was not too noticeable of improvement and I knew there was a bit more work to do.… Read More

Warning: The current browser that you are using is not supported for use with vCAC 6.0

After setting up vCloud Automation Center 6.0.1 for one of my clients, I was able to access the vCAC portal using my Firefox browser with no problem what so ever. After I have finished the configuration of vCAC and turned the setup to the customer to try it from his machine, he did not have Firefox and their corporate policy force them to use IE8 which is by the way a supported vCAC browser and I was confident it should work there with no problem. The surprise was as soon he opened up the vCAC page in his IE8, he got the following error:

‘Warning: The current browser that you are using is not supported for use with vCAC 6.0’

vCAC 6 not supported error

This has got me in doubt if I have conveyed the wrong message to the customer of IE8 being a supported browser, so I went right a head and checked vCAC 6.0.1 supported browsers list which can be found on page 14 at: http://www.vmware.com/pdf/vcloud-automation-center-60-support-matrix.pdf

The list of supported vCloud Automation Centers as extracted from the document is copied below:

 

—————————-

Browser Support
Microsoft

  •  IE8
  •  IE9 **
  • IE10 **

Google

  • Chrome 29
  • Chrome 30

FireFox

  • Firefox 23
  • Firefox 24

** Compatibility mode for IE9 and IE10 is not supported.… Read More