Sam McGeown

If you use the in-built vRealize Orchestrator instance shipped with the vRealize Automation appliance then you might run into this issue when working with the REST client:

Connection pool shut down (Workflow:Get-IdentityToken / Scripting (item3)#14)

The vRA appliance version I have (6.2 - note to self, need to update lab!) includes the plugin version 1.0.4 for REST. According to the release notes, this was fixed in 1.0.5 - typical!

First of all, thank you to everyone who came along to my session at the UKVMUG yesterday, it was great to see so many people at a round table discussion, sorry for those that had to stand! I hope that it was helpful and maybe a few of you will be building some awesome labs in the cloud!

Ravello very kindly sponsored a free home lab, equivalent to the vExpert 1000 hours account as a prize for my session at the UKVMUG yesterday. Using a high tech random number generator and an Excel spread sheet the winner was picked, so without further ado, congratulations go to…

I use mind maps quite a lot for study, I find the visual representation of info makes it a lot easier for me to remember! Below is a mind map I created for learning the roles in vRealize Automation, which I used during my presentation for #vBrownBag on VCP6-CMA objective 2.

You can download a PDF version here: vRealize Automation Roles Mind Map

Apologies in advance if this is post is a jumbled nonsense, I’m still way too excited!

This morning I woke to the news that I have passed my VCDX-CMA!

This was my second attempt at VCDX and although the first failure was a painful experience, the lessons learned from it were invaluable to take into the defence the second time around. Failing doesn’t have to be a negative experience - if there is one thing that I will take from the VCDX program it is that there is ALWAYS more I need to learn, and I can always do better. Learning has to be a way of life (in this industry especially!) and the minute you stop, you start falling back.

@vaficionado) – if that list of names doesn’t fill you with confidence for vRA.Next, then I suggest you follow them on twitter and trust me that it’s a crack team!

So, my highlights:

1. Completely automated deployment…almost. The deployment of appliances and installation of IaaS components and pre-requisites will be wizard driven, the Window Servers will need to exist and have an agent installed, and the MSSQL server will also need to be installed. Anyone who’s done a distributed vRA install will know that this is a massive improvement over the current state of affairs.
2. The vRealize Automation appliances will be clustered automatically for core services such as identity, cafe (portal), vPostgres and embedded vRealize Orchestrator (Embedded vRO is now recommended for production).
3. A new identity service. No more vSphere SSO or PSC – VMware Identity Management (vIDM) is a new, highly scalable and performing federated identity platform. Any SAML identity source, and more than 3m users supported per source.
4. An initial setup wizard that creates your first tenant, configuring things like fabric groups, business groups and vSphere endpoints automatically. It will even import your existing vSphere templates as clone blueprints.
5. The old CDK is gone! Instead you can use any event within vRA that is pushed through the RabbitMQ message bus to trigger extensibility through workflow subscriptions.
6. vRealize Orchestrator has a new HTML5 Control Center which is your single admin point for plugin configuration as well as adding metrics and monitoring for all workflows being executed.
7. There’s no need for unique tenant URLs – the new vIDM platform allows a single logon interface for all tenants. (Though you can keep your URLs if you want!)
8. vIDM can also be used to control authentication from IP source, e.g. to restrict logon to a specific subnet regardless of whether the credentials are valid or not. This has some cool ramifications for having the web layer in a DMZ, for example.
9. Functionality is slowly being migrated from the old IaaS/DynamicOps layer to the appliance – this is fantastic news. The migrated portions (such as vSphere Endpoint configuration) are now accessible through the vRA API, as well as gaining the speed and stability that the appliances provide.
10. The new blueprint designer is awesome. Added to that what was AppD is now called App Services and allows you to take a base blueprint (e.g. a CentOS VM) and drag and drop software components that you’ve scripted on top (e.g. Apache, then PHP). You can also drag and drop XaaS (vRO workflows) onto the blueprint, as well as existing blueprints to create nested blueprints.
11. Much fuller integration between NSX and vRA. There’s a whole raft of improvements in the integration between vRA and NSX – e.g. you can drag a new routed network onto a blueprint and it will automatically create a new Logical Switch and Distributed Logical Router to attach the Logical Switch to. Similarly load balancing applications is a drag and drop operation, as is applying existing security groups.
12. All blueprints can be imported and exported in YAML, which opens up exciting possibilities for storing versioned blueprints and retrieving programmatically.
13. There are over 60 lifecycle events out of the box on which you can trigger Orchestrator workflows, but you can create custom filters based on properties and events to extend functionality – the only limitation is what you can imagine!

There are still several months of development to go between now and the GA of vRA 7 and the development seems to be moving at a great pace. Between beta 1 and beta 2 there was a huge amount of change, and even the version demoed today had new features and UI.

My trip started with a farcical attempt to fly – my 11:50am flight on Sunday didn’t leave ‘til 3:30pm, but in light of William Lam’s travel woes on the same day, I don’t think I’ll complain to heavily. After a quick stop off at the Fira to register and grab my VMworld bag and I headed off to meet DefinIT co-author Simon ( @simoneady ) at our AirBnB apartment (which, by the way is awesome and a whole load cheaper than a hotel).

For the last few years at VMworld I’ve taken advantage of the discounted exam price and booked a “have-a-go” exam – typically an exam I’ve been wanting to do but not necessarily had the time I wanted to study for it. Since I have been fairly immersed in the NSX world for the last week, sitting in an NSX design and deploy class and surrounded by some very smart networking guys, I changed my “have-a-go” exam from the VCP6-CMA to the VCIX-NV.

As a vExpert, I am blessed to get 1000 CPU hours access to Ravello’s awesome platform and recently I’ve been playing with the AutoLab deployments tailored for Ravello.

If you’re unfamiliar with Ravello’s offering (where have you been?!) then it’s basically a custom hypervisor (HVX) running on either AWS or Google Cloud that allows you to run nested environments on those platforms. I did say it’s awesome.

[<img class=“alignright size-medium wp-image-3968” src="/images/2014/02/pernixdata1.png" alt=“pernixdata” width=“300” height=“80” since vSphere 6 was released, simply because I can’t afford to wait on learning new versions until 3rd party software catches up. It makes you truly appreciate the awesome power of FVP, even on my less than spectacular hardware in my lab, when it’s taken away for a while.

Now that FVP 3.0 has GA’d, I’m looking forward to getting my lab storage accelerated - it makes a huge difference.

With a Platform Services Controller appliance deployed as part of a vCenter Server installation, either integrated as part of the vCSA or as a separate PSC appliance, you can easily join the PSC to an Active Directory domain using the Web Client.

When you’ve deployed the PSC as the single sign on layer of a distributed vRealize Automation deployment, you don’t have the vSphere Web Client to configure it in the same way. This means that you can’t add an integrated Active Directory identity source to the default tenant, either using the PSC machine account or an SPN for Kerberos.