VMUG UserCon 2024: Recap

On April 25, 2024, the German VMUG UserCon opened its doors in Frankfurt am Main, the first of its kind in Germany since Broadcom's acquisition of VMware. It brought together Germany's seven local VMUG groups, including Hamburg, Berlin, Rhein-Ruhr, Frankfurt a.M., Kaiserslautern, Nürnberg-München and Stuttgart. As is tradition, Soeldner Consult was on site as well.

Keynotes, Breakout Sessions and Networking

The keynote speakers were without doubt a highlight of the event. Joe Baguley, CTO EMEA, and Brad Tompkins, VMUG Executive Director, offered exclusive insights and brought a great atmosphere to the event. In addition, the event was enriched by the presence of Hock Tan, President and CEO of Broadcom, who opened up further interesting perspectives.

New Insights and Inspiring Encounters at the German VMUG UserCon 2024

The breakout sessions were as informative as they were varied. They shed light on technical background and presented innovative methods. Particularly outstanding were the talks by vRockstars Duncan Epping and Cormac Hogan, who presented the latest developments around vSAN ESA and DSM 2.0.

The event was rounded off by the closing keynote from Björn Brundert, a well-known face of the VMware family.

In summary, the German VMUG UserCon 2024 offered a wealth of information and networking opportunities for all visitors. A big thank you to all participants, speakers and organizers for a successful event that will surely be remembered for a long time.

We are already looking forward to the next one.

vRealize Automation 8: Network Profiles – Existing Network

Introduction

The first and easiest way to use a Network Profile is to deploy into an existing network. In that case, no network components need to be created on the fly, hence the configuration is easy.

The following instructions will show how to create a Network Profile and configure it accordingly.

  1. Go to the Infrastructure > Network Profiles page and click on [+ New Network Profile]
  2. On the Summary page, provide the following information:
    • Account / region
    • Name
    • Optionally a description
    • Capabilities, which have to match constraints on a blueprint
  3. On the Networks page, add the appropriate existing networks. Remember, if you have more than one network, tags can be used as blueprint constraints to match tagged networks and avoid ambiguity.
  4. On the Network Policies page, there is no need to perform any configuration.
  5. Click on Create
The image shows a "New Network Profile" creation screen from vRealize Automation 8, with tabs for "Summary," "Networks," "Network Policies," "Load Balancers," and "Security Groups" across the top. The "Summary" tab is selected, indicating the section where basic information about the new network profile is provided. The fields include "Account / region" with an icon and text indicating 'SC labs / SCLABS', the "Name" of the profile as 'NP_Default', and a "Description" box containing the text 'This is the default network'. Below, there is a "Capabilities" section where "Capability tags" are displayed with one tag entered as 'network:standard', suggesting this tag is used to match network profile capabilities to constraint tags in service blueprints. The bottom of the screen features "CREATE" and "CANCEL" buttons, allowing the user to finalize the creation of the new network profile or abandon it.
The image displays the "New Network Profile" configuration screen in vRealize Automation 8, with the "Network Policies" tab selected. Users are provided with options for network creation, specifically for outbound and private networks. The first option, "Do not create on-demand network or on-demand security group," is selected, indicating that no automatic network or security group will be created with this profile. The other options to "Create an on-demand network" or "Create an on-demand security group" are not selected. Under the "Network Resources" section, there are search fields for "External network," "Compute Resources," "Edge cluster," and "Edge datastore," all empty and awaiting input. At the bottom of the interface are "CREATE" and "CANCEL" buttons, allowing the user to either save the new network profile or discard the changes.

Once the network profile has been created, you can go to the blueprint and add a Network element. The following YAML shows the code for an ElasticSearch deployment (we skip the code to install ElasticSearch) that goes to a specific existing network (we use tags to identify the correct network profile):

formatVersion: 1
name: ElasticStack
version: 1
description: Installs Elastic Stack on a single machine
inputs:
  image:
    type: string
    enum:
      - ubuntu1604
      - Ubuntu1804
    description: Image/OS required
    title: Image/OS
    default: Ubuntu1804
  flavor:
    type: string
    enum:
      - small
      - medium
    description: Choose the size of the machine
    title: Flavor
    default: medium
  network:
    type: string
    title: Network
    description: Input the network tag information
    default: 'network:vlan41'
  region:
    type: string
    description: Input the region that the resources belong to
    title: Region
    default: 'region:sc-central-1'
  key:
    type: string
    title: Public Key
    description: Input Public Key outputted from the script
    default: ENTER-PUBLIC-KEY
  name:
    type: string
    title: VM Name
    description: Name of the virtual machine
resources:
  Elastic_Stack_NODE:
    type: Cloud.Machine
    properties:
      name: elastic_stack_node
      flavor: '${input.flavor}'
      image: '${input.image}'
      cloudConfig: |
        #cloud-config
        repo_update: true
        repo_upgrade: all
        package_update: true
        package_upgrade: all
        hostname: ${input.name}
        manage_etc_hosts: true

        runcmd:
        - echo "${input.key}" >> /root/.ssh/authorized_keys
        - echo "${input.key}" >> /home/ubuntu/.ssh/authorized_keys
        - chmod 400 /root/.ssh/vmware.pub
      networks:
        - name: '${Elastic_Stack_Network.name}'
          tags: []
          network: '${resource.Elastic_Stack_Network.id}'
          securityGroups: []
          assignPublicIpAddress: false
      constraints:
        - tag: '${input.region}'
  Elastic_Stack_Network:
    type: Cloud.Network
    properties:
      name: Elastic_Stack_Network
      networkType: existing
      constraints:
        - tag: '${input.network}'
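
The blueprint above substitutes the key input into an echo "..." >> authorized_keys line that cloud-init runs as root, and the input defaults to the placeholder ENTER-PUBLIC-KEY. The following added example (not part of the original post) checks a submitted value before it reaches the template; the function names, the accepted key types and the comment character set are assumptions.

```python
import base64
import binascii
import re
import struct

# Assumptions for this example: accepted key types and comment character set.
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}
COMMENT_RE = re.compile(r"[A-Za-z0-9@._+-]{0,64}")
PLACEHOLDER = "ENTER-PUBLIC-KEY"  # default of the 'key' input in the blueprint


def check_public_key(value):
    """Return (ok, reason) for a value destined for the blueprint's 'key' input."""
    if value == PLACEHOLDER:
        return False, "placeholder default was not replaced"
    if "\n" in value or "\r" in value:
        return False, "more than one line"
    parts = value.split(" ")
    if len(parts) not in (2, 3) or "" in parts:
        return False, "expected '<type> <base64> [comment]'"
    key_type, blob_b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    if key_type not in ALLOWED_TYPES:
        return False, "key type not allowed"
    if not COMMENT_RE.fullmatch(comment):
        return False, "comment contains characters outside the allowed set"
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except (binascii.Error, ValueError):
        return False, "key blob is not valid base64"
    # SSH wire format: the blob starts with a length-prefixed copy of the key type.
    if len(blob) < 4:
        return False, "key blob too short"
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        return False, "key type inside the blob does not match the prefix"
    return True, "ok"


def constructed_sample_key(comment="deploy@example"):
    """Build a syntactically valid ed25519 line from 32 zero bytes (not a real key)."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


if __name__ == "__main__":
    # Constructed inputs: a well-formed line, the untouched default, a quoted comment.
    for candidate in (constructed_sample_key(), PLACEHOLDER, constructed_sample_key('a"b')):
        print(check_public_key(candidate))
```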

vRealize Automation 8: Network Profiles

Introduction & Summary

In short, the Network section shows the following information:

  • The networks and networking objects that can be used for provisioning. These networks are discovered from the underlying Cloud Accounts and can encompass vSphere networks, NSX-T/NSX-V networks or those from cloud providers. In order to work with them and allow DHCP from blueprint deployments, we showed how to add additional information like CIDR range, DNS or domain settings.
  • IP ranges define the set of IP addresses that can be reserved during provisioning.
  • Once those IP ranges have been set up and the blueprint is configured correctly, the IP Ranges tab shows all the IP addresses in use.
  • Load balancers shows all the discovered load balancers.
  • Network containers lists containers or groupings of related networks.

Network Profiles

The next thing we want to discuss are Network Profiles.

Basically, Network Profiles determine which network constructs will be used or created at runtime. These can be existing network constructs (from vSphere, NSX-T, NSX-V, or a VPC or VNET from a cloud provider) such as networks, load balancers or security groups.

In addition Network Profiles can help to create on-demand network resources. That includes:

  • Public networks
  • Private networks
  • Outbound networks
  • Routed networks

Technically, Network Profiles provide orchestration, so that we do not need to configure the underlying network management system (for example NSX) ourselves. For example, when setting up a routed network, vRealize Automation will create a logical switch and a DHCP server and will advertise the NSX routes.

However, configuration is not done solely in the Network Profile. Some tasks have to be done on the blueprint as well.

Compared to vRealize Automation 7, the configuration has been simplified. To achieve similar goals in the old version, configuring network profiles and blueprints was not sufficient; there was also work to be done on reservations. As there are no reservations in vRA 8 anymore, things have become easier.

Besides setting up networks, vRealize Automation can also help you with microsegmentation and firewall rules. We will discuss everything in detail within the next blog posts.

vRealize Automation 8: Networks – Part 2

Introduction


As discussed in the last blog post, vRealize Automation lets you manage networks and their configuration settings in an intuitive and comfortable manner. Administrators have an overview of all networks imported from the underlying Cloud Accounts and are able to centrally manage settings like CIDR ranges, DNS settings, gateways and so on.

Besides, administrators can use the IPAM built-in functions of vRA if they don’t have a dedicated IPAM solution like Infoblox.

Perform the following steps to manage IP ranges:

  • Within the Networks page, select the network for which you want the IP ranges to be configured and click on "MANAGE IP RANGES"
  • Click on [+ NEW IP RANGE]
  • Provide a Name for the IP Range
  • Optionally, provide a description
  • Enter the Start IP address
  • Provide the End IP address

Click on Create
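
Before entering a start and end address, it helps to check the range against the network's CIDR, its gateway and the ranges already defined. The following is an added example, not part of the original post and not vRA's own validation; the function name and all addresses are constructed for illustration.

```python
import ipaddress


def check_ip_range(cidr, start, end, gateway=None, existing=()):
    """Return a list of problems for a proposed IP range (empty list = looks fine).

    cidr     -- the network's CIDR, e.g. "10.41.0.0/24" (raises ValueError if malformed)
    existing -- iterable of (name, start, end) tuples for ranges already defined
    """
    net = ipaddress.ip_network(cidr, strict=True)
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if first.version != net.version or last.version != net.version:
        return ["address family differs from the network CIDR"]

    problems = []
    if first > last:
        problems.append("start address is after end address")

    for label, addr in (("start", first), ("end", last)):
        if addr not in net:
            problems.append(f"{label} address {addr} is outside {net}")
        elif (net.version == 4 and net.prefixlen < 31
              and addr in (net.network_address, net.broadcast_address)):
            problems.append(f"{label} address {addr} is the network or broadcast address")

    # A range that hands out the gateway address causes conflicts after provisioning.
    if gateway is not None:
        gw = ipaddress.ip_address(gateway)
        if gw.version == first.version and first <= gw <= last:
            problems.append(f"range contains the default gateway {gw}")

    # Two closed intervals overlap when each one starts before the other ends.
    for name, o_start, o_end in existing:
        o_first, o_last = ipaddress.ip_address(o_start), ipaddress.ip_address(o_end)
        if o_first.version != first.version:
            continue
        if first <= o_last and o_first <= last:
            problems.append(f"overlaps existing range '{name}'")
    return problems


if __name__ == "__main__":
    # Constructed values for a network such as VLAN-41.
    print(check_ip_range("10.41.0.0/24", "10.41.0.100", "10.41.0.150",
                         gateway="10.41.0.1",
                         existing=[("web", "10.41.0.140", "10.41.0.160")]))
```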

IPAM Considerations

Once you have saved your new IP range, you can change to the IP Ranges tab and get an overview of all your configured IP ranges.

However, there are some caveats when using the internal IP ranges, so you have to make sure that the following requirements are fulfilled:

  • First, you need the VMware Tools installed on the Linux machine
  • You need to set up a Guest specification in vSphere
  • You have to configure the blueprint to use the guest specification
  • You have to change the Network Assignment to Static on the blueprint

The first two items should be easy to configure or are most likely already set up properly. The following code shows the necessary configuration on the blueprint.

formatVersion: 1
inputs: {}
resources:
  Cloud_vSphere_Machine_1:
    type: Cloud.vSphere.Machine
    properties:
      image: Ubuntu
      cpuCount: 1
      totalMemoryMB: 1024
      networks:
        - tags: []
          network: '${resource.Cloud_vSphere_Network_1.id}'
          assignment: static
          assignIPv6Address: false
          assignPublicIpAddress: false
      customizationSpec: Linux
  Cloud_vSphere_Network_1:
    type: Cloud.vSphere.Network
    properties:
      networkType: existing
      name: VLAN-41

Once you have completed these configuration settings, you can monitor the assigned IP addresses.

Network Load Balancers

When you have NSX integrated, the Network section will also display the load balancers that can be used for provisioned resources.

However, apart from setting tags (which is optional), no configuration has to be done here.

Last but not least, the Network Domain section will give you an overview of containers or groupings of related networks. Networks in the network domain are related and non-overlapping. Term equivalents:

  • AWS = VPC (virtual private cloud)
  • Microsoft Azure = Virtual network
  • vSphere = Network

vRealize Automation 8: Networks – Part 1

Network Discovery and Configuration Overview

As in vRealize Automation 7, setting up the network configuration is crucial before being able to create blueprints.

Once a Cloud Account and a Cloud Zone have been configured, you can navigate to the Infrastructure > Networks page and find an overview of the networks that have been discovered.

Streamlining Network Setup with vRealize Automation 8

In addition, vRealize Automation can also keep track of IP ranges. If you configure an IP range and provision a resource from within that range, vRealize Automation is also able to track those IP addresses. If you do not want to rely on the built-in IP address management (IPAM), you can also integrate a third-party IPAM module. We will show how to integrate Infoblox IPAM in a later post, serving as DNS server as well as an IPAM system.

When provisioning a virtual machine, it is crucial to have network settings injected correctly. This includes the following information:

  • Domain (the domain name is passed to the vSphere machine customization spec)
  • An IPv4 CIDR
  • An IPv6 default gateway
  • DNS Servers
  • DNS Search domains
  • Support Public IPs (this can be used if you want to mark the network as a public network and match it to blueprints having the network type: public property configured)
  • Default for Zone
  • Tags

Setting this information within the network configuration is quite convenient. If your image templates work with DHCP and use cloud-init for customization, then there is no need for the traditional guest specification anymore, as basic network settings will be injected via DHCP and all the rest via cloud-init (which is by far more powerful than the guest specification and has become a standard).

vRealize Automation 8: Adding a NSX-V Account

In order to use the capabilities of NSX-V in vRealize Automation, it is necessary to set up an NSX-V account.

Setting up a NSX-V Account

This can be done as follows:

  • Navigate to Infrastructure > Cloud Accounts
  • On the Account Types page, click NSX-V
Screenshot of a user interface in VMware vRealize Automation 8 showing a menu titled 'Account Types'. The interface includes icons for various cloud service providers such as Amazon Web Services, Microsoft Azure, Google Cloud Platform, NSX-T, NSX-V, VMware Cloud on AWS, and vCenter. These icons are presented in a clean, modern design with labeled cards for each service.
  • Choose NSX-V
  • Provide the following information and click on Validate:
    • NSX-V IP address/FQDN
    • Username
    • Password
  • If you have a self-signed certificate, you have to confirm that you trust the certificate.
  • Provide a name
  • Choose the vSphere endpoint configuration
  • Click on Save
Screenshot of a VMware vRealize Automation 8 interface for adding a new NSX-V cloud account. The screen displays a form titled 'New Cloud Account' with fields for NSX-V credentials including NSX-V IP address/FQDN, username, and password. Additional fields include 'Name' and 'Description' for the account, 'vSphere endpoint' under Configuration, and 'Capability tags' under Capabilities. A green checkmark and the message 'Credentials validated successfully.' are visible, indicating successful credential verification. The 'Add' and 'Cancel' buttons are located at the bottom.

vRealize Automation 8: Define Flavor Mappings

How to define flavor Mappings in vRealize Automation 8

When provisioning virtual machines to a cloud provider, users usually cannot specify exactly how much memory or how many CPUs a virtual machine should use. Instead, cloud providers come with predefined flavors.

vRealize Automation 8 also lets you define flavors. That is quite simple, hence this blog post is a short one.

In order to create a new flavor mapping, navigate to Infrastructure > Flavor Mappings.

Screenshot of VMware vRealize Automation 8 interface displaying the 'Flavor Mappings' section. The screen shows three flavor mapping options labeled 'large', 'medium', and 'small'. Each option includes buttons for 'Open' and 'Delete', and indicates the number of linked accounts or regions. The interface includes a navigation menu on the left and options to add a new flavor mapping at the top.

Click on [+ New Flavor Mapping] and provide the following information:

  • Flavor Name
  • Account / Region
  • Value
  • Memory
Screenshot of the 'New Flavor Mapping' form in VMware vRealize Automation 8. The form is designed to set up a new flavor mapping, with fields labeled 'Flavor name' and 'Configuration'. The flavor name entered is 'xlarge' and the configuration is set to an account and region 'SC labs / SCLABS'. There is also a field to specify the value, which is set to '4' with a unit of 'GB'. The interface includes 'Create' and 'Cancel' buttons at the bottom.

vRealize Automation 8: Image Mappings

Introduction to Image Mappings in vRealize Automation

In order to create a blueprint with a virtual machine, you need to import images from the underlying cloud provider.

In contrast to vRealize Automation 7, administrators have full control over which images should be imported into vRealize Automation 8, hence there is a dedicated menu item called "Image Mappings" on the Infrastructure tab.

The image displays a user interface from VMware vRealize Automation (vRA) focused on the "Image Mappings" section under "Infrastructure". In the center of the screen, there are two entries for image mappings: "ubuntu1604" and "ubuntu1804", each with options to open or delete them. In the top right corner, the username "Guido Söldner" and the identity "VR-IDENTITY" are visible. The left sidebar provides additional navigation options including "Configure", "Resources", and "Activity".

Importing an image is quite easy and can be done via the [+ New Image] button.

If you are using vSphere as a cloud provider (as most users certainly do), be sure to configure the template in vSphere beforehand.

The image displays a user interface from VMware vRealize Automation (vRA), specifically showing the screen for creating a new image mapping. The title "New Image Mapping" is displayed at the top. The user is in the process of defining a new image with the name "Windows 2016". Below the name field, there is a "Configuration" section with fields for "Account / Region" and "Image", populated with "SC labs / SCLABS" and "w2k16fcm", respectively. There are also fields for "Constraints" and "Cloud Configuration", with an option to add more configurations. At the bottom, there are buttons for "CREATE" and "CANCEL".

Advanced Image Mapping Techniques

Alternatively, you can directly reference cloud images. For example, instead of manually importing an Ubuntu template in vSphere, you can just use the URL to import the image. That's definitely a cool feature; however, please be aware that provisioning might take some more time, as the backing OVF file has to be downloaded first.


The image displays a user interface from VMware vRealize Automation (vRA), specifically showing the screen for editing an image mapping. The screen is titled "Edit Image Mapping" with a "DELETE" option at the top right. The user is modifying an existing image mapping named "Ubuntu1804". The "Configuration" section lists the "Account / Region" as "SC labs / SCLABS" and provides a URL in the "Image" field, pointing to an Ubuntu image hosted at "https://cloud-images.ubuntu.com/releases/bionic/release-2019". There is also a space for "Constraints" and "Cloud Configuration", with an option to add additional configurations. At the bottom, there are buttons for "SAVE" and "CANCEL".

Once the configuration has been completed, you are able to see the OVF details:


The image displays the "OVF Details" dialog from a VMware vRealize Automation (vRA) interface, specifically for an Ubuntu cloud image. The top of the dialog contains a link to the Ubuntu cloud image release and a "COPY ALL PROPERTIES" button. The details are organized into a table format with columns labeled "Label", "Property", "Default Value", "Qualifiers", and "Required".

Key properties listed include:

hostname: Default value "ubuntuguest", indicating the hostname for the appliance.
instance-id: Labeled as "id-ovf", a unique identifier for the instance.
password: A default password is not set, allowing for a password-based login. The password field can be set to "RANDOM" for generating a random password upon each login.
public-keys: Indicates the SSH public keys used for instance access; by default, no keys are provided.
seedfrom: Specifies the URL to seed instance data from, optional and not set by default.
user-data: Encoded user data, to be base64 encoded and included as part of the instance's startup configuration.
The dialog provides comprehensive information necessary for deploying and configuring the Ubuntu cloud image within a vRA environment.

Setting up Constraints and Cloud Configuration is optional and will be discussed in a later post.

vRealize Automation 8: Working with Projects – Creation

After having discussed the basic principles behind Projects, we continue by showing how to set up and configure Projects.

Projects can be created from within the Infrastructure > Projects page by clicking [+ New Project].

In order to create a Project, we have to provide a Name and optionally a Description.


This image shows a screenshot of the "New Project" creation interface within the vRealize Automation 8 (vRA8) Cloud Assembly module. The interface is split into tabs such as Summary, Users, Provisioning, and Kubernetes Provisioning. The visible tab, "Summary", includes fields for entering the name and description of a new project. The "Name" field is filled with "Lab," and the "Description" field contains "Project for Labs." There are "CREATE" and "CANCEL" buttons at the bottom, indicating the actions that can be taken with the form.

User Management

Next, click on the Users tab. Generally speaking, you should prefer assigning groups over individual users.

This image displays the "Users" tab in the "New Project" interface of the vRealize Automation 8 (vRA8) Cloud Assembly module. The tab is designed for specifying users and groups associated with the project. It features options to "+ ADD USERS" and "+ ADD USER GROUPS" as well as a button to remove selected users or groups. Below these options, there is a list showing one user named "vraUsers@vdi.sclabs.net" with their email address "vdi.sclabs.net" displayed next to their name. The user's role is listed as "Member." At the bottom of the interface are the "CREATE" and "CANCEL" buttons, allowing the user to finalize or cancel the creation of the new project.

Users and Groups that you are adding can be either Members or Administrators in a Project. We have already discussed the permissions of those roles in an earlier post, so we will not repeat them here.

Project Provisioning Setup

The Provisioning tab is the one where most of the configuration work can be done:

This image displays the "Provisioning" tab within the "New Project" interface of vRealize Automation 8 (vRA8) Cloud Assembly. This tab is designed for specifying the cloud zones, resource tags, and constraints that apply to deployments within the project. The "Cloud Zones" section shows a list where "vCenter / SCLABS" is listed with a priority of 1, allowing 100 instances, and having a memory limit of 256 GB. There are buttons for adding and removing cloud zones. Below this, the "Resource Tags" section allows for entering tags to be applied to machines provisioned in the project. Lastly, the "Constraints" section provides fields to specify network, storage, and extensibility constraints with example formats provided for each. The entire interface is structured to facilitate detailed configuration settings for project provisioning.
This image shows a configuration interface for specifying advanced settings in a "New Project" within vRealize Automation 8 (vRA8) Cloud Assembly. The interface includes three main sections: "Custom Properties," "Custom Naming (Beta)," and "Request Timeout."

Custom Properties: This section allows users to define custom properties for all requests in the project. There is a table with columns labeled "Name" and "Value" where users can add these properties.

Custom Naming (Beta): This part enables specifying a naming template for machines provisioned in this project. It includes a field labeled "Template" where the naming format can be entered.

Request Timeout: This area allows setting a timeout for deploying blueprints that require more than the default duration. It provides an example format for the timeout setting, such as "1d, 2h, 3m, 59s."

At the bottom of the interface are "CREATE" and "CANCEL" buttons to proceed with or cancel the project creation. The design ensures that specific operational parameters can be tailored for the project's needs.

  • First of all, we have to specify which Cloud Zones can be used by a Project.
  • Secondly, there are Resource Tags to be defined.
  • We can specify Constraints (network constraints, storage constraints, extensibility constraints). Remember that constraints have to match capabilities (on network profiles and subnets, storage profiles or Orchestrator integrations).
  • We can also add Custom Properties, which will be applied to every blueprint provisioned by that Project.
  • Custom naming can also be applied. Compared to the Machine Prefixes in vRA 7, Custom naming is much more powerful. It comes with a basic expression language and gives access to the names of other resources (e.g. Resource properties: ${resource.name}, Endpoint properties: ${endpoint.endpointType}, Project properties: ${project.name}, User properties: ${userName}, ${user}, Numbers: ${######}). Expressions can also be combined; for example, if the Project name is euc-1a, we could create a name like this: ${project.name}-${######} => euc-1a-000001. However, at the time of this writing, Custom naming is still in beta.
  • Request Timeout: Only needed for deployments that need more than 2 hours for provisioning.

Adding Kubernetes Support

This image displays the "Kubernetes Provisioning" tab from the "New Project" interface in vRealize Automation 8 (vRA8) Cloud Assembly. This section is designed for specifying Kubernetes zones that will be used for provisioning clusters within the project. The interface includes a "+ ADD ZONE" and "REMOVE" button, indicating that users can add new zones or remove existing ones. Below these options is a table with columns labeled "Name," "Description," "Priority," and "Capability Tags," though it currently displays the message "No Kubernetes zones assigned to this project" indicating that no zones have been added yet. At the bottom of the interface, there are "CREATE" and "CANCEL" buttons to finalize or cancel the creation of the project. The interface is clean and user-friendly, offering a straightforward approach to configuring Kubernetes zones for project deployments.

The last screen is about adding a Kubernetes Zone to a Project.

Once finished, click Create.

vRealize Automation 8: Working with Projects – First Considerations

After having described how to install vRealize Automation, we have already shown how to add Cloud Accounts and Zones in vRealize Automation 8.

As a recap, Cloud Accounts serve as endpoints for importing existing resources into vRA (for example compute, network or storage resources).

Cloud Zones

With Cloud Zones you separate resources into smaller compartments for management purposes. For example, you might set up different Zones for different Clusters, Resource Pools or Hosts in vCenter.

Examples of Cloud Zone Applications

Let’s discuss some examples. Maybe you want to implement something like Tiering and have separate clusters (Platinum, Gold, Silver Cluster) for different workloads and hence you end up with different Zones. There might be more use cases for having different Zones:

  • License requirement
  • Compliance requirements
  • Technical requirements like Affinity or Anti-Affinity rules
  • Different regions
  • Different workloads (for example SQL Server, Linux, Windows or so on)

Project Creation and Management

After having created such Zones, the next step is to create a Project. A Project resembles a Business Group from vRealize Automation 8.

Basically, a Project can roughly be compared to an AWS Account, a Google Project in GCP or a Resource Group/Subscription in Azure. That means a set of users gain access to the underlying services and resources from the Cloud Zones through Projects.

If a Project needs to provision resources into different Cloud Zones, you can add additional Cloud Zones to a Project, which means there's a 1:n relationship between Zones and Projects.

Let's compare that with the approach in vRealize Automation 7. There we had Fabric Groups and Business Groups. Business Groups were able to provision into Fabric Groups by means of Reservations. If we wanted to implement something like Tiering, we had to set up different Reservations and Reservation Policies – concepts that confused a lot of newbies in vRealize Automation 7.

In vRA 8, there are no Reservations anymore, so there is a need to define something like capabilities and constraints, which means the following:

  • Resources (e.g. Cloud Zones) define a set of capabilities, which means they are declaring what kind of functionality they can offer.
  • In order to choose amongst the set of underlying resources and their capabilities, we define constraints. Provisioning is only possible if the capabilities and constraints match each other.
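
The matching rule described above, as an added example that is not part of the original post and not vRealize Automation's own placement logic. It models only exact tag equality; the names NP_VLAN41_A and NP_VLAN41_B, the tier tags and the function names are constructed, while NP_Default, network:standard and network:vlan41 are taken from the earlier posts.

```python
def parse_tag(tag):
    """Split 'key:value' (value optional) into a (key, value) tuple."""
    key, _, value = tag.strip().partition(":")
    if not key:
        raise ValueError(f"tag without a key: {tag!r}")
    return key, value


def evaluate(constraints, resources):
    """Compare constraint tags with each resource's capability tags.

    A resource matches when its capability tags contain every constraint tag.
    Returns the status ('ok', 'ambiguous' or 'unmatched'), the matching
    resources, and for every non-matching resource the tags it lacks.
    """
    wanted = {parse_tag(t) for t in constraints}
    matches, missing = [], {}
    for name in sorted(resources):
        caps = {parse_tag(t) for t in resources[name]}
        gap = sorted(":".join(t).rstrip(":") for t in wanted - caps)
        if gap:
            missing[name] = gap
        else:
            matches.append(name)
    status = "ok" if len(matches) == 1 else ("ambiguous" if matches else "unmatched")
    return {"status": status, "matches": matches, "missing": missing}


def disambiguating_tags(matches, resources):
    """For each matching resource, the tags that no other match carries.

    Adding one of these as a further constraint selects that resource alone.
    """
    out = {}
    for name in matches:
        others = set()
        for other in matches:
            if other != name:
                others |= set(resources[other])
        out[name] = sorted(set(resources[name]) - others)
    return out


# Constructed sample: capability tags on three network profiles.
PROFILES = {
    "NP_Default": ["network:standard"],
    "NP_VLAN41_A": ["network:vlan41", "tier:gold"],
    "NP_VLAN41_B": ["network:vlan41", "tier:silver"],
}

if __name__ == "__main__":
    result = evaluate(["network:vlan41"], PROFILES)
    print(result)
    print(disambiguating_tags(result["matches"], PROFILES))
    print(evaluate(["network:vlan41", "tier:gold"], PROFILES))
```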

Constraints, Capabilities and Tagging are powerful mechanisms, so we will discuss them in detail in a later blog post.