vCloud Director and vRealize Orchestrator Connection

Extending VMware vCloud Director with vRealize Orchestrator workflows for XaaS (Everything as a Service), as already available in vRealize Automation, was a long-awaited feature. It lets providers simplify their management and helps them deliver more advanced services to their customers. This is the first part of what will hopefully be a whole series of blog articles on vCloud Director 9.1 and vRealize Orchestrator service integration. I will start with the initial part of the vRealize Orchestrator service integration: the vCloud Director and vRealize Orchestrator connection.

vCloud Director and vRealize Orchestrator Connection - Service Library

More details about service integration and vCloud Director 9.1:

Setup vCloud Director and vRealize Orchestrator Connection

The following steps require a running VMware vCloud Director 9.1 instance; the other components are covered in the course of this article.

Configure vRealize Orchestrator

After the initial deployment of the vRealize Orchestrator appliance just a few configuration steps are necessary for a proper setup.

Configure NTP

It is recommended to use the same time zone and time source for the whole environment.

https://<vRealize Orchestrator IP>:5480/#system.TimeZone

vCloud Director and vRealize Orchestrator Connection - vRO Time Zone

https://<vRealize Orchestrator IP>:5480/#administration.ntp

vCloud Director and vRealize Orchestrator Connection - vRO Time Settings

Configure Logging Integration

Out of the box, the vRealize Orchestrator appliance can connect to the vRealize Log Insight API for logging.

https://<vRealize Orchestrator IP>:8283/vco-controlcenter/#/control-app/log-configure

vCloud Director and vRealize Orchestrator Connection - vRO Logging Integration

Example of a vRealize Log Insight Orchestrator dashboard widget:

vCloud Director and vRealize Orchestrator Connection - vRO vLI Widget

Configure Authentication Provider

The vRealize Orchestrator appliance needs to be connected via vSphere authentication mode to a vCenter with integrated PSC or an external PSC (probably the PSC Load Balancer).

https://<vRealize Orchestrator IP>:8283/vco-controlcenter/#/control-app/auth-config

vCloud Director and vRealize Orchestrator Connection - vRO Authentication Provider

Note:

If you use an external PSC, the “Host address” needs to be the PSC or, in case of a Load Balancer setup, the virtual IP.

Configure Certificates

For a production setup a CA signed certificate is highly recommended.

https://<vRealize Orchestrator IP>:8283/vco-controlcenter/#/control-app/certificates

vCloud Director and vRealize Orchestrator Connection - vRO Certificate

Note:

The certificate needs to be a PEM file with the private key included.

Configure Service User

I decided to configure the vCloud Director and vRealize Orchestrator connection with a dedicated service user that has a minimum set of permissions.

  • vCenter SSO User and Group

vCloud Director and vRealize Orchestrator Connection - vCenter SSO User and Group

  • vRealize Orchestrator Role Based Access Management

https://<vRealize Orchestrator IP>:8283/vco-controlcenter/#/control-app/roles

vCloud Director and vRealize Orchestrator Connection - vRO Role based Access

  • vRealize Orchestrator Access Rights

The folder which contains the workflows for vCloud Director needs to be enabled for the service user.

vCloud Director and vRealize Orchestrator Connection - vRO Access rights

Configure Plugins

It is not necessary but recommended to install the vCloud Director Plugin and configure the connection to the vCloud Director instance.

  • Install vCloud Director Plugin

https://<vRealize Orchestrator IP>:8283/vco-controlcenter/#/control-app/plugin-manage

vCloud Director and vRealize Orchestrator Connection - vRO vCD Plugin

  • Configure vCloud Director Plugin
    • Import vCloud Director certificate
    • Add vCloud Director Instance

vCloud Director and vRealize Orchestrator Connection - vRO Import Certificate

vCloud Director and vRealize Orchestrator Connection - vRO add vCD instance

Configure vCloud Director

The only prerequisite from the vCloud Director perspective is the registration with the vSphere Lookup Service. This needs to be the same SSO domain that we configured for vRealize Orchestrator authentication.

vCloud Director and vRealize Orchestrator Connection - vCD Federation SSO configuration

Note:

If you use an external PSC, the “vSphere Lookup Service URL” needs to be the PSC or, in case of a Load Balancer setup, the virtual IP.

Configure Tenant Rights

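To grant access to the tenants, some rights need to be added via the vCloud Director API. To get this job done I use the awesome PowerShell module from Adrian Begg: Module-vCloud-RightsManagement.psm1

# Requires an active vCloud Director session (Connect-CIServer) and the imported Module-vCloud-RightsManagement.psm1
$Orgs = Get-Org
foreach ($Org in $Orgs) {
    # Select only the rights that belong to the service integration categories
    $Rights = Get-CIOrgRights -OrgName $Org.Name | Where-Object { $_.Category -match "Additional Services|vRealize Orchestrator|Service Library" }
    foreach ($Right in $Rights) {
        # Add each matching right to the organization
        Add-CIOrgRight -OrgName $Org.Name -Right $Right.Name
    }
}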

After that the newly added rights can be enabled via UI (this is the minimum configuration for tenants):

Add vRealize Orchestrator to vCloud Director

https://<vCloud Director FQDN>/provider/libraries/service-admin/vro-registration

vCloud Director and vRealize Orchestrator Connection - vCD Add vRO Instance

Note:

The Trust Anchor needs to be a PEM file with the full chain of the vRealize Orchestrator certificate.
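A structural preflight for the two PEM files this article asks for (the vRO server file with its private key, and the vCD Trust Anchor with the chain), as an added example that is not part of the original article. The function names are hypothetical, `min_certs=2` assumes a leaf signed by one issuing CA, and the "no private key in the Trust Anchor" rule is an added check; it inspects block types and DER framing only and does not verify signatures or issuer linkage.

```python
import base64
import binascii
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def der_ok(der):
    """True if der is exactly one complete DER SEQUENCE (catches truncated pastes)."""
    if der is None or len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                        # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                        # long form: next n bytes hold the length
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def pem_blocks(text):
    """Return [(label, der_bytes_or_None)] for every PEM block in text."""
    out = []
    for label, body in PEM_RE.findall(text):
        # Skip RFC 1421 header lines such as "Proc-Type: ..."; base64 never contains ':'
        b64 = "".join(l.strip() for l in body.splitlines() if ":" not in l)
        try:
            out.append((label, base64.b64decode(b64, validate=True)))
        except binascii.Error:
            out.append((label, None))
    return out

def check_pem(text, want_key, min_certs=1):
    """Problems in a bundle. want_key=True: vRO server file; False: vCD Trust Anchor."""
    blocks = [(l, d) for l, d in pem_blocks(text)
              if l == "CERTIFICATE" or l.endswith("PRIVATE KEY")]
    certs = [d for l, d in blocks if l == "CERTIFICATE"]
    keys = [d for l, d in blocks if l != "CERTIFICATE"]
    problems = [f"{l}: not a complete DER SEQUENCE (corrupt, truncated or legacy-encrypted)"
                for l, d in blocks if not der_ok(d)]
    if len(certs) < min_certs:
        problems.append(f"expected at least {min_certs} certificate(s), found {len(certs)}")
    if want_key and len(keys) != 1:
        problems.append(f"expected exactly one private key, found {len(keys)}")
    if not want_key and keys:
        problems.append("private key present: remove it before pasting into vCD")
    return problems

def sample_pem(label, payload):              # constructed sample block, not a real cert/key
    der = bytes([0x30, len(payload)]) + payload
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"

LEAF, CA = sample_pem("CERTIFICATE", b"leaf" * 10), sample_pem("CERTIFICATE", b"issuing-ca" * 4)
KEY = sample_pem("PRIVATE KEY", b"key" * 10)
```

Call `check_pem(open(path).read(), want_key=True)` on the file for the vRO Control Center and `check_pem(..., want_key=False, min_certs=2)` on the Trust Anchor; an empty list means no structural problem was found.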

Note:

The name of the vRealize Orchestrator is visible to tenants!

Publish first Workflow

To import your first workflow, a Service Category needs to be created first (https://<vCloud Director FQDN>/provider/libraries/service-admin/services).

Import Workflow

In the import wizard, only the authorized folders are visible.

Publish Workflow

You can decide whether tenants or only the provider can see the workflow.

vCloud Director and vRealize Orchestrator Connection - vCD publish Workflow

Execute Workflow

The vCloud Director HTML5 UI visualizes the configured presentation setting from the vRealize Orchestrator workflow.

vCloud Director and vRealize Orchestrator Connection - vCD execute Workflow

After the execution you can see the result in vRealize Orchestrator itself:

vCloud Director and vRealize Orchestrator Connection - vCD Workflow result
