vRealize Automation 7.0 has been announced during VMworld Barcelona 2015. It’s the core part of the SDDC. vRA is in the middle of the stack between virtualized infrastructure and the end user applications. It gives an opportunity to have self-provision infrastructure with apps, spanned across multiple hypervisors, multiple types of clouds.
vRealize Automation (vRA) 7 brings simpler deployment options where HA deployment is assured with only two appliances. VMware Identity Management (vIDM) is part of the game where it’s now embedded (not separate appliance), and also new simplified Converged Blueprint Designer(CBP).
vRealize Automation 7.0 – What’s new?
Architecture changes – there is fewer services to deploy and fewer VA’s to manage with fewer external dependencies. All services are automatically clustered when deployed in HA configuration.
To deploy HA architecture now only 2 appliances are necessary, but the installer starts with single OVA. Then you have a choice between simple install or Enterprise install (for setting up 2 HA instances – fully distributed install).
The wizard detects available hosts and allows to chose and assign different roles… (note that the machine discovery needs management agent to be pre-installed). There is also a standalone pre-req checker available.
VMware Identity Management (vIDM). It’s now embedded service in vRA appliance (no separate virtual appliance). IDM replaces SSO. It automatically deploys in HA mode!
IDM gives more capabilities than SSO:
- Multiple domain for single tenant
- Single domain to multiple tenants
- Full OTB branding capabilities
- OTB 3rd party SAML token support
- OTB Smart card support
- Multi-factor authentication
- Login auditing
- Scalability Improvements (over SSO)
- HA support which is configurable by a wizard
Additional vIDM features:
- Supports local users where AD isn’t required (usefull for demo and POC).
- Support for basic operations for users add/remove/edit
- Local users are per tenant.
- Tenant Isolation
- Tenant boundary is flexible, not limited by AD domains
- Sync based on schedule or manual
Converged Blueprints (CBP)
Drag and Drop! – Converged Blueprint Designer is simplified blueprint authoring for IaaS and Applications.
On the left you chose the category, and within the category you chose what you’ll drag on the the canvas.. App services which has been separate appliance, is now incorporated into the blueprint designer.
- Unified graphical canvas for designing machines, software components and application stacks
- Ability to extend or define external integrations in the canvas through XaaS (a.k.a ASD)
- Enable team collaboration by enhancing and introducing fine grain roles
- Avoid App Services complexity that often lead to longer sales cycle or reduced opportunity
NSX Integration for Blueprint authoring and deployment
The networking is also incorporated. It’s possible to drag-and-drop new networks, load balances, on-demand routers. You’ll get a topology view on what’s you’re building…
It’s possible to export or import the blueprints too!
It’s possible to built a nested blueprints! Let’s say you build a blueprint. Save it, make it available, and then consume this blueprint into the canvas to use it.
- Automated connectivity to existing or on-demand networks
- Micro-segmentation for application stack
- Automated security policy enforcement thru NSX security policies, groups and tags
- On-demand dedicated NSX load balancer
- Parent component only, not application-level
NSX consuming is simpler by drag and drop and especially having the possibility to see the view of what’s built.
LifeCycle Extensibility – centralized policy management.
Event broker it looks for events in the event box, an a trigger.
An external solution (already used by customer) can be used for governance and approvals too. This external solution is solution that client has already invested probably some big money. The policy management can ask for an approval this external product and then continue the workflow.
The overall view of LifeCycle Extensibility – Evnet Broker (EBS)