The extension of VMware vCloud Director with vRealize Orchestrator workflows for XaaS (Everything as a Service), as already available in vRealize Automation, was a long-awaited feature. It lets providers simplify their management and helps them deliver more advanced services to customers. This is the first part of what will hopefully be a whole series of blog articles on vCloud Director 9.1 and vRealize Orchestrator service integration. I will start with the initial part of the vRealize Orchestrator service integration: the vCloud Director and vRealize Orchestrator Connection.
More details about service integration and vCloud Director 9.1:
- YouTube – Service Integration with vCloud Director 9.1
- Breaking Down Cloud Silos with the NEW vCloud Director 9.1 Extensibility Framework
- What’s New in vCloud Director 9.1
Setup vCloud Director and vRealize Orchestrator Connection
The following steps require a running VMware vCloud Director 9.1 instance; the other components are covered in this article.
Configure vRealize Orchestrator
After the initial deployment of the vRealize Orchestrator appliance just a few configuration steps are necessary for a proper setup.
Configure NTP
It is recommended to use the same time zone and time source for the whole environment.
https://<vRealize Orchestrator IP>:5480/#system.TimeZone
https://<vRealize Orchestrator IP>:5480/#administration.ntp
Configure Logging Integration
The vRealize Orchestrator appliance can connect to the vRealize Log Insight API for logging out of the box.
https://<vRealize Orchestrator IP>:8283/vco-controlcenter/#/control-app/log-configure
Example of a vRealize Log Insight Orchestrator dashboard widget:
Configure Authentication Provider
The vRealize Orchestrator appliance needs to be connected via vSphere authentication mode to a vCenter with integrated PSC or an external PSC (probably the PSC Load Balancer).
https://<vRealize Orchestrator IP>:8283/vco-controlcenter/#/control-app/auth-config
Configure Certificates
For a production setup, a CA-signed certificate is highly recommended.
https://<vRealize Orchestrator IP>:8283/vco-controlcenter/#/control-app/certificates
Configure Service User
I decided to configure the vCloud Director and vRealize Orchestrator Connection with a dedicated service user with a minimum set of permissions.
- vCenter SSO User and Group
- vRealize Orchestrator Role Based Access Management
https://<vRealize Orchestrator IP>:8283/vco-controlcenter/#/control-app/roles
- vRealize Orchestrator Access Rights
The folder which contains the workflows for vCloud Director needs to be enabled for the service user.
Configure Plugins
It is not necessary but recommended to install the vCloud Director Plugin and configure the connection to the vCloud Director instance.
- Install vCloud Director Plugin
https://<vRealize Orchestrator IP>:8283/vco-controlcenter/#/control-app/plugin-manage
- Configure vCloud Director Plugin
- Import vCloud Director certificate
- Add vCloud Director Instance
Configure vCloud Director
The only prerequisite from the vCloud Director perspective is the registration with the vSphere Lookup Service. This needs to be the same SSO domain as we configured for vRealize Orchestrator authentication.
Configure Tenant Rights
To grant access to the tenants, some rights need to be added via the vCloud Director API. To get this job done I use the awesome PowerShell module from Adrian Begg: Module-vCloud-RightsManagement.psm1
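```powershell
# Requires an active Connect-CIServer session and the imported
# Module-vCloud-RightsManagement.psm1 module.
$Orgs = Get-Org
foreach ($Org in $Orgs) {
    # Select the rights in the categories used by the service integration
    $Rights = Get-CIOrgRights -OrgName $Org.Name |
        Where-Object { $_.Category -match "Additional Services|vRealize Orchestrator|Service Library" }
    # Add each matching right to the organization
    foreach ($Right in $Rights) {
        Add-CIOrgRight -OrgName $Org.Name -Right $Right.Name
    }
}
```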
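The loop above adds the matching rights to every organization returned by Get-Org. As an added example (not from the original post or from the module's author), the same cmdlets can be limited to a named list of tenants and run in report-only mode first; `$TargetOrgs`, `$Apply`, `$Pattern` and the organization names are assumptions made for this illustration.

```powershell
# Added example. Assumes an active Connect-CIServer session and the imported
# Module-vCloud-RightsManagement.psm1 module, as in the script above.
# $TargetOrgs, $Apply and $Pattern are hypothetical names for this example.
$TargetOrgs = @('ExampleOrg01', 'ExampleOrg02')   # constructed org names
$Apply      = $false                              # $false = report only, change nothing
$Pattern    = 'Additional Services|vRealize Orchestrator|Service Library'

# Only organizations on the allowlist are considered
$Orgs = Get-Org | Where-Object { $TargetOrgs -contains $_.Name }

# Warn about allowlist entries that do not exist (guards against typos)
$Missing = $TargetOrgs | Where-Object { $Orgs.Name -notcontains $_ }
if ($Missing) {
    Write-Warning "Not found in vCloud Director: $($Missing -join ', ')"
}

# Build the list of rights that would be added, one row per org and right
$Plan = foreach ($Org in $Orgs) {
    Get-CIOrgRights -OrgName $Org.Name |
        Where-Object { $_.Category -match $Pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Org      = $Org.Name
                Category = $_.Category
                Right    = $_.Name
            }
        }
}

# Review the plan before anything is changed
$Plan | Sort-Object Org, Category, Right | Format-Table -AutoSize

# Apply only after the plan has been reviewed and $Apply set to $true
if ($Apply) {
    foreach ($Item in $Plan) {
        Add-CIOrgRight -OrgName $Item.Org -Right $Item.Right
    }
}
```

Keeping the printed plan with the change record gives a later audit something to compare the tenants' effective rights against.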
After that the newly added rights can be enabled via UI (this is the minimum configuration for tenants):
Add vRealize Orchestrator to vCloud Director
https://<vCloud Director FQDN>/provider/libraries/service-admin/vro-registration
Publish first Workflow
To import your first workflow, a Service Category needs to be created first (https://<vCloud Director FQDN>/provider/libraries/service-admin/services).
Import Workflow
During the import wizard only the authorized folders are visible.
Publish Workflow
You can decide whether tenants or only the provider can see the workflow.
Execute Workflow
The vCloud Director HTML5 UI visualizes the configured presentation setting from the vRealize Orchestrator workflow.
After the execution you can see the result in vRealize Orchestrator itself: