automation

[Update Dec 2016: An updated article for vRO 7.x is available here] I’m developing some very large, very complicated workflows for vRealize Orchestrator (vRO/vCO), and as it’s a Java based application it will probably come as no surprise to many that the performance of the client drops off sharply as the client’s RAM usage creeps up. When working on some of the larger workflows, or after long sessions and heavy clipboard use, the client would become (even more) sluggish and in some cases would freeze entirely.

Recently when do a fresh install of vRealize Automation (vRA) 6.2 I came across the following error after configuring the first end point.  Error log example      DataBaseStatsService: ignoring exception: Error executing query usp_SelectAgent Inner Exception: Error executing query usp_SelectAgentCapabilities and Error processing ping response Error executing query usp_SelectAgent Inner Exception: Error executing query usp_SelectAgentCapabilities First of all I checked to see if the end points were working which in this case they appeared to be, but I wanted to clear the error before continuing the install.

A requirement that often arises in large, complex orchestration projects is the need to encrypt and decrypt information. One such requirement recently specified triple DES password based encryption as the standard, which led me through a lot of Google searches to CryptoJS. CryptoJS is a growing collection of standard and secure cryptographic algorithms implemented in JavaScript using best practices and patterns. They are fast, and they have a consistent and simple interface.

It’s a fairly common requirement when creating a new user to assign a randomly generated password, so during a recent engagement I wrote a little password generator to do that. I wanted to be able to chose whether special characters were used, and the length of the password - typically if the password doesn’t used special characters I would increase the length significantly! Characters should be randomly picked from: a-z A-Z 0-9 (optional) ASCII special characters Inputs passwordLength - the length of the password to be generated (number) excludePunctuation - exclude the use of special characters if TRUE (boolean) Outputs generatedPassword - the generated password (SecureString) The SecureString type prevents the string from being displayed in the workflow attributes - it can be used as a normal string, but will be asterisk’d when displayed.

One of the use cases I’ve been working on with a customer is based on the vRO/vCO multi-node plug-in and involves the master vRO/vCO node calling proxy workflows based on a parameter - in this case the target site. As you can see from this very simple diagram, a Cloud Management System (CMS) calls a workflow on the Master node, which then executes a proxy workflow on the correct site. The trick is getting the Master Orchestrator node to pick the right proxy workflow.

To quote the release notes for the latest version of vCO/vRO Multi-node Plugin: The VMware vCenter Orchestrator Multi-Node Plug-In allows organizations to manage environments with multiple vCenter Orchestrator server instances. As organizations increase their level of automation, they often find the need to deploy multiple Orchestrator instances. With the VMware vCenter Orchestrator Multi-Node Plug-In, administrators have a more efficient way to manage multiple Orchestrator instances from a central point. The plug-in allows administrators to log in to a master Orchestrator server to view the inventories and workflows of remote Orchestrator servers, and to trigger workflows remotely.

To add a Windows Server 2012 R2 PowerShell host using Basic Authentication only, follow these steps. Ensure that the Windows Firewall service is running (it doesn’t matter if the firewall is enabled or disabled, it should always be running! That’s a general rule, not just for this). On the PowerShell host open a command prompt (*NOT* PowerShell console) as administrator and run the quickconfig command - you can re-run it if it’s already been run - but make sure it has.

I am aware that that’s not a catchy blog post title. In fact, it doesn’t even really describe the problem or solution very well - for that I need to go into a little bit more depth! Suppose I have configured a Reservation with two Networks ticked (“192.168.1.0-VLAN1” and “192.168.10.0-VLAN10”). As you can see in the screenshot below, each of the networks has a Network Profile created and assigned with a network pool to provide IP addressing for the VMs.

With the release of vCAC 6.1 there have been some great improvements in the setup of the clustered vCAC appliances - none of the previous copying of configuration files between appliances - just a simple wizard to do it all for you. In my opinion this is superb. You’ll need to have deployed a load balancer of some sort - vCAC 6.0 build-out to distributed model – Part 3.1: Configure Load Balancing with vCNS or vCAC 6.

As a PowerShell fan I find using the vCO PowerShell plugin makes my life a whole lot easier. What isn’t easy however, is the configuration of vCO and a PowerShell jump host. Having done it a few times, this is my method for ensuring a secure working connection using HTTPS and Kerberos. Configure the Orchestrator Appliance Since we’re planning on using Kerberos authentication, we’d better ensure that the time is correct AND syncs to the same source as the domain.