Wednesday, August 31, 2016

Data collection for NSX (Network and Security Inventory) fails on vRealize Automation 6.2

I recently introduced NSX 6.2 in my vRealize Automation 6.2 setup and updated the (vSphere) vCenter Server Endpoint with network and security platform information.

When I ran the data collection after updating the Endpoint, the data collection for Network and Security Inventory kept on failing.

 I found below error in "Infrastructure>Monitoring>Log

Workflow 'vSphereVCNSInventory' failed with the following exception: Error executing vCenter Orchestrator workflow: org.springframework.web.client.RestClientException: 403 Forbidden (Workflow:Create NSX endpoint / Scriptable task (item1)#10).

This error message is common when wrong credentials are used for NSX, after correcting the credentials the data collection was still failing but with a new error message

Workflow 'vSphereVCNSInventory' failed with the following exception: vCenter Orchestrator returned an error: browseInventory().

I logged into my Orchestrator client and checked inventory and found error for NSX plugin.


Default plugin was causing error for me, I uninstalled the default NSX plugin and installed the latest plugin.

Steps to uninstall vCO plugin

1. Login to vCO and navigate to "/usr/lib/vco/app-server/plugins"

2. Locate the plugin "o11nplugin-nsx.dar" and manually remove it
rm o11nplugin-nsx.dar

3. Delete the Package from Packages tab called "com.vmware.nsx"

4. Delete the NSX empty folder if any under Library>NSX

5. Restart the vco-server and vco-configurator service
service vco-server restart
service vco-configurator restart

6. Now import the new plugin and restart service

Now the Data collection was successfully and it ran "create NSX endpoint" workflow successfully under "vCO>NSX>Configuration" 

Tuesday, August 30, 2016

VMware Certified Advanced Professional 6 – Cloud Management and Automation Deployment Exam - Study Guide

I have started resumed to complete this guide which was stopped for pretty long time. There were issues with the lab and I continued avoiding it due other activities which had taken priority. However, I am going to update the missing objecting and try to improve the current content.

Below is the Blueprint objective of the certification - VMware Certified Advanced Professional 6 - Cloud Management and Automation  Deployment Exam. 

The are 9 section in exam blueprint  and all the topics are listed below. The complete blueprint the find here .

Section 1 - Deploy and Manage vRealize Automation Components 

Objective 1.1 - Deploy and Manage a vRA Appliance and IaaS Server as single nodes 
· Acquire IaaS installation media from the virtual appliance
· Perform initial configuration of appliance and IaaS
o Configure NTP server for vRealize Appliances
o Assign appropriate IP address to vRealize Appliance
· Microsoft Distributed Enable Transaction Coordinator (MSDTC) to communicate between all servers in deployment.
· Configure Windows Firewall to allow vRA components to communicate

Objective 1.2 - Deploy and Manage vRA Appliances and IaaS Servers in a Distributed Configuration
· Deploy vRA Appliances in a distributed / highly available configuration
· Deploy virtual appliance in segregated role configuration (s)
· Acquire IaaS installation media from the virtual appliance
· Configure IaaS in segregated role configuration (s)
· Perform initial configuration of vRealize Appliances and IaaS Servers
· Microsoft Distributed Enable Transaction Coordinator (MSDTC) to communicate between all servers in deployment.
· Configure Windows Firewall to allow vRA components to communicate

Objective 1.3 - Deploy and Manage vRealize Automation Center Infrastructure Components
· Implement DNS requirements for load balancer integration according to a deployment plan
· Install certificates on each relevant vRA component in standard and distributed model
· Configure SSO Identity Source for use with vRealize Automation
· Configure components using FQDN via CNAME definitions before load balancer is available
· SMTP notifications Configure

Objective 1.5: Create fabric groups utilizing reservations and reservation policies

Section 2 - Configure Tenant Properties Objective

 2.1 - Configure Tenant Properties

Objective 2.2 - Create / Modify a Business Group

Section 3 - Configure Network and Security Automation Objective

3.1 - Configure and Manage NSX Integration with vRealize Automation
· Implement machine blueprints that use:
 o External network profiles
 o Routed network profiles
 o NAT network profiles
 o Private network profiles
. Deploy applications using a pre-configured networking model
· Deploy applications using a fully automated networking model
· Configure static and dynamic routing
· Deploy an application that uses an automatically provisioned load balancer · Apply a security policy to elements of a multi-machine blueprint
· Automate the application of a security policy to new machines provisioned from a blueprint

Objective 3.2 - Deploy and Manage Certificates and Access Control
· Deploy and Update certificates for multiple vRealize appliances
· Create / add / modify users and groups for specific roles
· Configure user access to Identity Store Groups, Custom Groups, Business Groups, and Entitled Items according to a deployment plan
· Assign a user to specific Custom Groups and Business Groups
· Generate new certificate requests
· Replace self-signed certificates with signed certificates
· Assign new administrative users to different Business Groups
· Modify the user session time out setting
· Create custom groups that grant users / groups multiple roles

Section 4 - Create and Manage Machine Blueprints Objective

4.1: Create and Configure vRealize Automation Machine Blueprints
o Assign reservation policy 
o Define instance types
o Define actions 
o Create shared blueprints 
o Create master blueprints

Objective 4.2: Publish a Machine Blueprint to a Service Catalog

Objective 4.3: Manage custom properties and build profiles

Objective 4.4: Import existing workloads

Section 5: Deploy and Manage vRealize Orchestrator Objective

5.1 - Configure vRO for vRA
· Configure vRealize Orchestrator:
o Install and configure plug-ins
o Import an SSL certificate
· Add a vRA server and an IaaS server to vRO.
· Enable custom integrations between vRA and vRO.
· Install and configure a vRO plug-in
· Import a SSL certificate in vRO configurator

Objective 5.2 - Modify a blueprint to invoke a workflow during a lifecycle change

Objective 5.3 - Create / Modify / Execute a vRealize Orchestrator Workflow
· Configure variable binding in a vRO workflow
· Perform logging from a vRO workflow
· Add schema elements to a vRO workflow
· Create / modify / troubleshoot actions
· Create / modify / execute vRO workflows
· Run workflow (s) in the vRO HTTP-REST plug-in to invoke a REST operation
· Modify a workflow to display a non-default icon
· Create a configuration element
· Modify a workflow to use to a configuration element

Section 6 - Configure and Deploy XaaS Components Objective

6.1 - Configure Advanced Service Designer
Objective 6.2 - Create and publish a service blueprint

Objective 6.3 - Create custom resources and actions
· Create a custom resource according to a deployment plan
· Create a service blueprint specifying a provisioned resource
· Design a custom resource form according to a deployment plan
o Edit a custom resource element
o Add a custom resource form page
· Add / Edit / Delete a resource action form
· Add / Edit / Delete a custom resource form
· Create and publish a custom action for:
o Machine blueprint
o Service blueprint

Section 7 - Deploy vRealize Application Services

Objective 7.1 -Deploy and Manage a vRealize Application Services Appliance

Objective 7.2 - Create and Publish an Application Blueprint
· Create an Artifact Repository specification
· Create / Map an Artifact specification
· Deploy an Application with Artifacts

Section 8 - Deploy vRealize Business Standard Objective

8.1 - Deploy and Manage a vRealize Business Standard Appliance
· Deploy vRealize Business Standard appliance
· Integrate vRealize Business Standard with vRealize Automation:
o Add vRealize Automation Hostname
o Configure SSO Default Tenant
o Configure SSO Admin User
o Configure SSO Admin Password
o Set Time Sync Mode
· Create a tenant in vRealize Automation that leverages vRealize Business Standard:
o Specify an Identity Source
o Specify a tenant admin
· Assign vRealize Business roles:
o Business Management Administrator
o Business Management Read only
o Business Management Controller
· Add one or more virtual environments to vRealize Business Standard
· Add one or more vCenter Server instances to vRealize Business Standard
· Update the Reference Database

Objective 8.2 - Configure vRealize Business Standard Costing and Reporting
· Configure cost drivers according to a deployment plan:
o Assign cost for operating system licensing
o Edit cost for server hardware, storage, and network
o Create a monthly cost for facilities and maintenance
· Configure CPU and memory utilization costs
· Configure Consumption Analysis:
o Edit consumer hierarchy
o Edit price value according to a deployment plan o Edit / Import budget to estimate your cost
· Generate vRealize Business vCenter Server report
· Generate a vRealize Automation Report
· Select and export the appropriate report
· Filter and Search for specific reports based on customer requirements

Section 9 - Troubleshoot a vRealize Automation Deployment

Objective 9.1 - Troubleshoot Catalog Issues
· Resolve catalog entitlement issues for:
o Services
o Catalog items
o Catalog item actions
· Interpret vRealize Automation infrastructure log
· Troubleshoot endpoint system resources
· Troubleshoot reservation capacity for memory and storage
· Troubleshoot individual component blueprints in a multi-machine blueprint

Objective 9.2 - Configure, Manage and Collect vRA and Application Services Logs
· Collect logs for vRealize Application Services
· Enable and configure global properties to control how vRA retains legacy data
· Retrieve Logs from the user interface
· Collect Logs from the Application Services Appliance
· Generate a log support bundle for all vRealize Automation components
· Export log data
· Configure database log file rollover

Objective 9.3 - Troubleshoot Approval Policy Issues
· Troubleshoot vRealize Automation catalog item approval policy issues:
o Determine use case of Pre-Approval vs Post-Approval
o Verify the status of an Approval Policy
· Troubleshoot and assign the correct policy types according to a deployment plan
 · Configure approval policy to require approval for specific conditions according to a deployment plan

Objective 9.4 - Troubleshoot Distributed Execution Manager Issues
· Interpret the distributed execution manager (DEM) status log
· Determine and resolve cause for failed install of WAPI and DEMs
· Determine the status for IaaS components
· Filter the workflow history for a specific workflow
· Export vRA log to include a particular severity level
· Export vRA audit log

Objective 9.5 - Troubleshoot Endpoint Issues
· Interpret vRA log files to determine issue with a specific endpoint
· Resolve connection issue between vRA and vRO
· Enable network and security platform for vCenter endpoint
· Edit endpoint credentials associated with a specific endpoint 


* Links were working on date Aug 30 2016. Kindly report any broken link

vRealize Application Services 6.2 registration with vRealize Automation Fails - [Error] Invalid SSO Admin credentials

Registration of vRealize Application Services to vRealize Automation is the first configuration requested after the appliance is deployed. It prompts for the vCAC server name or IP (now vRA ) and then Administrator username and password. For this deployment I started getting below error
[Error] - Invalid SSO Admin credentials

I was certain about my credentials.

checked the Catalina.out logs located at /home/darwin/tcserver/darwin/logs

which clearly talks about "Time Synchronization"

Caused by: com.vmware.vim.sso.client.exception.TimeSynchronizationException: Server returned 'request expired' less than 0 seconds after request was issued, but it shouldn't have expired for at least 600 seconds.

Resolution: Match the time with your vRA and vCenter,

1. run the below command to set appropriate timezone

2. After selecting the right time zone, if you see the lag with vRA and vCenter then use below command to adjust the time

# date +%T -s "10:13:13"
10: Hour (hh)
13: Minute (mm)
13: Second (ss)

Now run the registration again, which should work as expected

Now you can continue importing the out of box sample contents. Hope this was informative,