SovLabs vRA Extensibility Modules

SovLabs Plugin 2017.3.x

Release Notes

Add License

Add module license

Once SovLabs vRA Extensibility module(s) have been purchased or requested as a trial, order details and a license key will be sent via email

One license key will enable functionality for all of the SovLabs vRA Extensibility modules requested

  1. Login to the desired vRA tenant
  2. Click on the Catalog tab
  3. Click on the catalog item: Add License - SovLabs Modules
  4. Fill out the form:
    Field Value
    License key Copy & paste the entire SovLabs license file provided (including the header)
  5. Click Submit

Once the SovLabs license has been added, additional vRA Catalog Item(s) will appear for all the modules licensed.


Core module - vRA Extensions

View features and compatibility

Quick Start Process

  1. Define Naming Standard(s)
  2. Define Naming Standard(s)
  3. Apply to existing blueprint(s)
  4. Provision!

Prerequisites

  1. Have naming standard(s) that accounts for different scenarios for your company
  2. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Naming Sequence
    2. Add Naming Standard

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add Naming Sequence
    Add Naming Sequence
    Naming Sequence

    One or more Naming Sequences can be used in a Naming Standard

    FieldValue
    Sequence label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Sequence type Choose a sequence type:
    • Decimal (Base 10): 0-9 for each digit
    • HexaDecimal (Base 16): 0-F for each digit
    • Octal (Base 8): 0-7 for each digit
    • Pattern (Mixed bases and static text ): a flexible pattern that allows for unique naming sequences
    Reuse sequence values? Select Yes to reuse a sequence number if it is available
    Max sequence length

    *Shown when Decimal, HexaDecimal or Octal is selected as the sequence type

    What is the maximum number of the sequence length? If a ### sequence is desired, type in 3 for a three digit sequence length

    Initial value

    What is the initial number the sequence starts off with (0 or 1)?

    *Do NOT pad this initial value number

    Sequence padding

    *Shown when Decimal, HexaDecimal or Octal is selected as the sequence type

    Numerical value to pad the sequence to the left in the event that the sequence does not meet the required max sequence length. Defaults to 0

    Pattern type format

    *Shown when Pattern is selected as the sequence type

    Unique key Optional
  3. On the Catalog page, click on the Request button for Add Naming Standard
    Add Naming Standard
    Naming Standard

    A naming standard is a template that generates a specific hostname

    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Used for multi-machine containers? Check the checkbox if the naming standard will be used for multi-machine containers
    Select sequence(s) Select the sequences that will be a part of the naming standard
    Template

    Define the naming standard template that will generate the hostname

    The template must include the sequence(s):

    Can be templated: SovLabs Template Engine

Example

Configure Pattern Type

Pattern naming sequences are designed to be flexible and multiple base sequences that can match most sequence types used in the industry.

Pattern naming sequences can contain the following types of bases:

Type Pattern Key Default Value Range
Decimal # 0 0-9
HexaDecimal x 0 0-F
Octal o 0 0-7
Binary b 0 0-1
Alpha a a a-z

*All Pattern Keys are to be defined inside / /

Example: /a#b/ is a sequence of alpha, decimal, and binary numbers/letters.


A unique feature of the pattern naming standard is that the sequence can contain static or template text in the sequence, yet the sequence increments as you would expect, ignoring the text.

For example a pattern of /a/StaticText/b/ will result in a the following sequence values:

aStaticText0, aStaticText1, bStaticText0, bStaticText1, cStaticText0. . .

As you can see that part of the sequence that the counter (inside the / /) increments.

Meanwhile, the text outside of the / / remains static text, yet as the right most digit rolled over the next significant digit increased as one would expect. This can be used with or without static text.

If a template is used, the counter is incremented first and then the template is rendered. This means if you have a property called "App" and you use it in a pattern such as /#//#/

  • Run #1 - App = “Test” => sequence value is 0Test1
  • Run #2 - App = “Foo” => sequence value is 0Foo2

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for Custom Naming:
      • Starts with SovLabs-NamingStandard- for single machine scenarios
      • Starts with SovLabs-NamingStandardMultiMachineContainer for multi-machine container scenarios

        Do not attach more than 1 Naming Standard property group to a vRA blueprint

  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for Custom Naming:
      • Starts with SovLabs-NamingStandard- for single machine scenarios
      • Starts with SovLabs-NamingStandardMultiMachineContainer for multi-machine container scenarios
  4. Repeat Step 3 for all desired blueprints

Core module - vRA Extensions

View features and compatibility

Quick Start Process

  1. Define Microsoft Endpoint(s)
  2. Define AD Configuration(s)
  3. Apply to existing blueprint(s)
  4. Provision!

Prerequisites

  1. Define your domain controller server(s) and whether or not proxy servers will be used
  2. Install AD Webservices on all the domain controllers that will be used
  3. Ensure NTP is set up correctly
  4. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Microsoft Endpoint
    2. Add ActiveDirectory Configuration
    3. Add SovLabs vCenter Endpoint

Setup

  1. Login to the vRA tenant
  2. Perform this step only if using VMware Tools to connect to a jump server or target Microsoft AD server
    • On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
      Add vCenter Endpoint
      SovLabs vCenter Endpoint
      FieldValue
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Version Choose the appropriate vCenter version
      Platform Service Controller (FQDN)

      *Shown when 'Version' is 6+

      Type in the PSC FQDN
      Is the PSC embedded on the vCenter server?

      *Shown when 'Version' is 6+

      vCenter hostname (FQDN)

      *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x

      Type in the vCenter server FQDN
      Credential Configuration for vCenter Endpoint
      Create credential?

      Uncheck the checkbox to choose from existing vCenter Endpoint credentials

      Check the checkbox to create a new credential

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Username

      *Shown when 'Create credential' is checked

      Username (user@example.com)

      Password

      *Shown when 'Create credential' is checked

      User's password

  3. On the Catalog page, click on the Request button for Add Microsoft Endpoint
    Add Microsoft Endpoint
    Microsoft Endpoint

    A Windows 2012 R2 jump server or domain controller that is utilized by the SovLabs plugin for a target AD, DNS, and/or IPAM server

    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Connection method Connection method to connect to the target or proxy Microsoft server
    vCenter Endpoint

    *Shown if 'Connection method' is vmware-tools

    Select a previously added SovLabs vCenter Endpoint in Step 2

    VM Name as it appears in vCenter

    *Shown if 'Connection method' is vmware-tools

    Type in the VM name of the Microsoft AD server

    Is a jump server?

    Jump servers are limited to SSH daemon connection methods only or VMware Tools

    Choose whether or not to utilize a jump server to make remote commands to the target AD server

    Jump server

    *Shown if 'Is a jump server' is checked

    Type in the jump server FQDN or IP Address for the target AD server

    Remote server

    *Shown if 'Is a jump server' is checked

    Type in the target AD server

    Uses non-standard port? Select the checkbox if WinRM or SSH daemon was configured to listen on a non-standard port
    Port

    *Shown when 'Uses non-standard port' is checked

    Port number
    Credential Configuration for Microsoft Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing Microsoft Endpoint credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (user@example.com)

    Password

    *Shown when 'Create credential' is checked

    User's password

    Advanced Configuration
    Temporary directory where scripts will be placed If not provided, will default to C:\Windows\temp
    Share path for temporary directory to access

    Define if administrative shares are not available

    Type in path\share instead of \\share-server\path\share

  4. On the Catalog page, click on the Request button for Add ActiveDirectory Configuration
    Add ActiveDirectory Configuration
    Active Directory Configuration
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Microsoft Endpoint(s) Select all the Microsoft Endpoints configured for Active Directory
    Computer name case Choose whether or not the computer name added in AD is all uppercase or lowercase
    Build OU
    Use Build OU?

    If checked, a VM during it's machineBuilding vRA lifecycle will be placed in an interim OU (Build OU)

    Once the VM has finished building and provisioning, the VM will be moved/placed in the [final] OU

    *The Build OU does not create the parent OU(s), the parent OU(s) must already exist.

    Build OU

    ActiveDirectory Organizational Unit (OU) for VMs to join prior to completing provisioning

    *Must be in DN format

    Create Build OU? Check to create the Build OU if it does not exist
    Remove OU? Check to remove Build OU if it does not have any children and is empty
    OU
    OU

    ActiveDirectory Organizational Unit (OU) for VMs to join

    *Must be in DN format

    Create OU? Check to create OU if it does not exist
    Remove OU? Check to remove OU if it does not have any children and is empty
    Security Group(s)
    AD Security Group(s)

    List any/all Security Group(s) for server to join

    *Must be in DN format

    Advanced
    Delete computer accounts based on computer name? If checked, will attempt to find computer account and remove it, regardless of what OU it is in

Example

SovLabs Template Engine for OUs

Assumptions:
  • The following properties (teamID, ORGID, LOCATION) are defined on the vRA Blueprint or inherited from the vRA Business Group or Compute Resources and etc.
  • teamID: Development
  • ORGID: e712
  • LOCATION: Atlanta
Example OU
  • Input

    OU=,OU=,OU=,DC=sovlabs, DC=net
  • Output

    OU=development,OU=E712,OU=atl,DC=sovlabs,DC=net

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for Microsoft AD:

      Starts with SovLabs-AD-

      Do not attach more than 1 Microsoft AD property group to a vRA blueprint

  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for Microsoft AD:

      Starts with SovLabs-AD-

  4. Repeat Step 3 for all desired blueprints

Core module - vRA Extensions

View features and compatibility

Quick Start Process

  1. Define Notification Configuration(s)
  2. Define Notification Group(s)
  3. Apply to existing blueprint(s)
  4. Provision!

Prerequisites

  1. User account with permissions to the webservices and/or email servers desired
  2. If utilizing an email server, gather the following details:
    • IP Address/hostname of the email server
    • Is the service SMTP or IMAP?
    • Credential details (username/password)
    • Whether SSL/TLS or STARTTLS is required to send emails through your email server
    • Port # of SMTP or IMAP service on that host

      Common ports: (please verify with administrator or provider)

      • SMTP: 25, 465 (SSL), 587 (STARTTLS)
      • IMAP: 143 or 993 (SSL)
  3. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Notification Configuration
    2. Add Notification Group Configuration
    3. Manage Notification Message Server Configuration
    4. Manage Notification Email Group Configuration
    5. Manage Credential Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add Notification Configuration
    Add Notification Configuration
    Notification Configuration

    A notification configuration holds all the necessary information to send notifications

    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Type Select the notification type
    State

    VMLIFECYCLE: Select whether to send the notification on a success and/or error states during VM lifecycles

    SNAPSHOT: Select whether or not to send notifications when a new snapshot is found (NEW), when a snapshot is going to be deleted (WARNING), and/or when a snapshot has been deleted (DELETE)

    Backup as a Service modules: Please keep both SUCCESS and ERROR checked

    Message type Select the notification message type
    Format Select the desired format
    From address The address that will be sending the notification

    Can be templated: SovLabs Template Engine

    Title Notification title

    Can be templated: SovLabs Template Engine

    Body Body message - defaulted to standard templates. Please update accordingly

    *For a WebService, the only payload accepted is a JSON payload


    VMLIFECYCLE

    • The template will insert specific logs as the VM goes through its lifecycles.
    • The template will insert any error logs faced as the VM goes through its lifecycles

    Can be templated: SovLabs Template Engine

    Message Server configuration
    New Message Server?

    Check the checkbox to create a new message server

    Uncheck to choose an existing message server

    Message Server

    *Shown when 'New Message Server' is unchecked

    Select the desired message server from a list of existing message servers
    Message server configuration label

    *Shown when 'New Message Server' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Message Server Address

    *Shown when 'New Message Server' is checked

    Message Server address

    NOTE: for a WebService, the request body is used as type JSON to deliver data to the web service it is connecting to.

    The address will not be modified by SovLabs' module to provide data via the URL. If the request is directed at a specific method for the call please include that as part of the address parameter.

    *If the WebService address is: webserver.domain.com and the URL directive for method is: /logmessage, the resulting Message server address should be: webserver.domain.com/logmessage

    Enable SSL?

    *Shown when 'New Message Server' checked

    Choose whether or not SSL is enabled on the message server
    Message Server port

    *Shown when 'New Message Server' is checked

    Message Server port

    Common ports: (please verify with administrator or provider)

    • SMTP: 25, 465 (SSL), 587 (STARTTLS)
    • IMAP: 143 or 993 (SSL)
    Message Server HTTP verb

    *Shown when New Message Server is checked and the Message type is WebService

    Select the HTTP Verb

    Any HTTP verb used must be assumed to use the JSON body content to properly direct the server's behavior. The Notifications module does not modify URL with parameters.

    Message Server protocol

    *Shown when 'New Message Server' is checked

    Select the appropriate protocol
    Enable credential?

    *Shown when 'New Message Server' is checked

    Select whether credentials are enabled on the message server
    Create credential?

    Uncheck the checkbox to choose from existing Message Server credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Enable credential' is checked and 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials for the Message Server

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    Username's password

    Enable STARTTLS?

    *Shown when 'New Message Server' is checked and 'Message Type' is Email

    Select whether or not to enable STARTTLS

    Network timeout Defaulted to 6000
    Email Group configuration

    *Shown when the 'Message Server Type' is Email

    New Email Group?

    Check the checkbox to create a new email group

    Uncheck to choose an existing email group

    Email Group

    *Shown when 'New Email Group' is unchecked

    Select the desired email group from a list of existing email groups
    Email Group configuration label

    *Shown when 'New Email Group' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    To addresses

    *Shown when New Email Group is checked

    Enter all the email addresses to send the notifications to

    Can be templated: SovLabs Template Engine

    CC addresses

    *Shown when New Email Group is checked

    Enter all the email addresses to CC the notifications to

    Can be templated: SovLabs Template Engine

    BCC addresses

    *Shown when New Email Group is checked

    Enter all the email addresses to BCC the notifications to

    Can be templated: SovLabs Template Engine

  3. On the Catalog page, click on the Request button for: Add Notification Group Configuration
    Add Notification Group Configuration
    Notification Group Configuration

    A Notification Group configuration holds multiple notification configurations

    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    Type Select the type of notifications configurations to group
    Notifications Select all notification configurations filtered by type for this notification group
  4. To update/edit a Message Server for Notifications:
    1. Request Manage Notification Message Server
    2. Select an action: Create/Update/Delete
    3. Fill in the form fields accordingly
  5. To update/edit an Email Group for Notifications:
    1. Request Manage Notification Email Group
    2. Select an action: Create/Update/Delete
    3. Fill in the form fields accordingly

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for Notifications:

      Starts with SovLabs-NotificationGroup-

      Do not attach more than 1 Notifications property group to a vRA blueprint

  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for Notifications:

      Starts with SovLabs-NotificationGroup-

  4. Repeat Step 3 for all desired blueprints

Quick Start Process

  1. Define Endpoint(s)
  2. Define DNS Configuration(s)
  3. Provision!

Core module - DNS

View features and compatibility

Prerequisites

  1. BlueCat user on (all) BlueCats(s) with API permissions:
    1. Through the BlueCat web portal, go to Administration > Users and Groups
    2. On the top-left of the Users pane, select New > User
    3. In the User creation wizard:
      • Type of user: Administrator
      • Access type: API
  2. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add BlueCat Endpoint
    2. Add DNS Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add BlueCat Endpoint
    Add BlueCat Endpoint
    BlueCat Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Hostname BlueCat FQDN
    HTTPS? Choose whether or not BlueCat is on HTTPS
    Port BlueCat port number
    Configuration name BlueCat configuration name
    DNS view name

    BlueCat DNS view name

    Custom User Field Configurations
    Host record user defined field(s)

    Add in any custom user fields (e.g. comments) used for BlueCat DNS

    Can be templated: SovLabs Template Engine

    IP record user defined fields

    *Skip if not using the SovLabs BlueCat IPAM module

    Add in any custom user fields (e.g. comments) used for BlueCat IPAM

    Can be templated: SovLabs Template Engine

    Credential Configuration for BlueCat Endpoint
    Create credential?

    Check the checkbox to create a new credential configuration

    Leave unchecked to choose from existing credentials

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    User's password

  3. Create the DNS Configuration

Core module - DNS

View features and compatibility

Prerequisites

  1. User with Administrator type Master and Role superuser
  2. Configure Negative Cache TTL on each DNS domain zone otherwise machine provisioning will fail:
    1. Through the BlueCat web portal, go to Management > DNS > Domains
    2. Select the domain to edit
    3. Set the Negative Cache TTL field to 60
  3. BT Diamond's default SSL certificate has a weak hash algorithm that the vRO appliance rejects. Please contact SovLabs for further assistance if the native BT Diamond SSL certificate is being used.
  4. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add BT Diamond Endpoint
    2. Add DNS Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add BT Diamond Endpoint
    Add BT Diamond Endpoint
    BT Diamond Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version BT Diamond version
    IPControl Hostname BT Diamond IPControl FQDN
    Port BT Diamond port number
    Credential Configuration for BT Diamond IPControl Endpoint
    Create credential?

    Check the checkbox to create a new credential configuration

    Leave unchecked to choose from existing credentials

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    User's password

  3. Create the DNS Configuration

Core module - DNS

View features and compatibility

Prerequisites

  1. Infoblox user on (all) Infoblox appliance(s) with the following permissions:
    • API and GUI access configured
    • Add/remove DNS Records
  2. Infoblox WAPI version must be 1.2+

    *Access https://{infoblox-fqdn}/wapidoc/ and look in the upper-left corner

  3. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Infoblox Endpoint
    2. Add DNS Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add Infoblox Endpoint
    Add Infoblox Endpoint
    Infoblox Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Hostname Infoblox appliance's FQDN or IP address
    HTTPS Select whether or not the Infoblox appliance is HTTPS
    Port

    * Normally 443 for HTTPS and 80 for HTTP

    Infoblox appliance port
    WAPI Version

    Select 1.2 if WAPI version is less than 2.0

    Select 2.0 if WAPI version is 2.0 or greater

    DNS view

    *Optional

    What is the DNS view this endpoint supports?

    Network view

    *Optional

    What is the Network view this endpoint supports?

    Credential Configuration for Infoblox Endpoint
    Create credential?

    Check the checkbox to create a new credential configuration

    Leave unchecked to choose from existing credentials

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    User's password

    Click Next

    Advanced Options

    Host record template

    *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record

    Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered

    Leave blank to default

    A record template

    *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record

    Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered

    Leave blank to default

    PTR record template

    *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record

    Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered

    Leave blank to default

    Fixed address template

    *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record

    Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered

    Leave blank to default

  3. Create the DNS Configuration

Core module - DNS

View features and compatibility

Prerequisites

  1. Install Men & Mice Web Services to use REST API
  2. Men & Mice user on (all) Men & Mice with API permissions:
    • API access configured
  3. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Men and Mice Endpoint
    2. Add DNS Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add Men and Mice Endpoint
    Add Men and Mice Endpoint
    Men and Mice Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Men & Mice version
    Hostname Men and Mice FQDN
    HTTPS Select whether or not Men & Mice is HTTPS
    Port Men and Mice port number
    Credential Configuration for Men and Mice Endpoint
    Create credential?

    Check the checkbox to create a new credential configuration

    Leave unchecked to choose from existing credentials

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique credential name

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    User's password

    IPAM Configuration
    Device custom properties

    *Skip if not using the SovLabs Men & Mice IPAM module

    Add in any custom device properties (e.g. comments) used for Men & Mice IPAM

    Can be templated: SovLabs Template Engine

  3. Create the DNS Configuration

Core module - DNS

View features and compatibility

Prerequisites

  1. Define your domain controller server(s) and whether or not proxy servers will be used
  2. Install AD Webservices on all the domain controllers that will be used
  3. Ensure NTP is set up correctly
  4. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Microsoft Endpoint
    2. Add IPAM Profile
    3. Add SovLabs vCenter Endpoint

Setup

  1. Login to the vRA tenant
  2. Perform this step only if using VMware Tools to connect to a jump server or target Microsoft DNS server
    • On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
      Add vCenter Endpoint
      SovLabs vCenter Endpoint
      FieldValue
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Version Choose the appropriate vCenter version
      Platform Service Controller (FQDN)

      *Shown when 'Version' is 6+

      Type in the PSC FQDN
      Is the PSC embedded on the vCenter server?

      *Shown when 'Version' is 6+

      vCenter hostname (FQDN)

      *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x

      Type in the vCenter server FQDN
      Credential Configuration for vCenter Endpoint
      Create credential?

      Uncheck the checkbox to choose from existing vCenter Endpoint credentials

      Check the checkbox to create a new credential

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Username

      *Shown when 'Create credential' is checked

      Username (user@example.com)

      Password

      *Shown when 'Create credential' is checked

      User's password

  3. On the Catalog page, click on the Request button for Add Microsoft Endpoint
    Add Microsoft Endpoint
    Microsoft Endpoint

    A Windows 2012 R2 jump server or domain controller that is utilized by the SovLabs plugin for a target AD, DNS, and/or IPAM server

    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Connection method Connection method to connect to the target or proxy Microsoft server
    vCenter Endpoint

    *Shown if 'Connection method' is vmware-tools

    Select a previously added SovLabs vCenter Endpoint in Step 2

    VM Name as it appears in vCenter

    *Shown if 'Connection method' is vmware-tools

    Type in the VM name of the Microsoft AD server

    Is a jump server?

    Jump servers are limited to SSH daemon connection methods only or VMware Tools

    Choose whether or not to utilize a jump server to make remote commands to the target AD server

    Jump server

    *Shown if 'Is a jump server' is checked

    Type in the jump server FQDN or IP Address for the target AD server

    Remote server

    *Shown if 'Is a jump server' is checked

    Type in the target AD server

    Uses non-standard port? Select the checkbox if WinRM or SSH daemon was configured to listen on a non-standard port
    Port

    *Shown when 'Uses non-standard port' is checked

    Port number
    Credential Configuration for Microsoft Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing Microsoft Endpoint credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (user@example.com)

    Password

    *Shown when 'Create credential' is checked

    User's password

    Advanced Configuration
    Temporary directory where scripts will be placed If not provided, will default to C:\Windows\temp
    Share path for temporary directory to access

    Define if administrative shares are not available

    Type in path\share instead of \\share-server\path\share

  4. Create the DNS Configuration

Core module - DNS

View features and compatibility

Prerequisites

  1. Must have SolarWinds 4.5.1 in order to make REST API calls
    • SolarWinds user with API permissions: API access configured
  2. SolarWinds 4.3.x and 4.4.x will utilize the SolarWinds database
    • Database credentials for the SolarWinds database with permissions to execute SET/GET queries
  3. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add SolarWinds Endpoint
    2. Add IPAM Profile

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add SolarWinds Endpoint
    Add SolarWinds Endpoint
    SolarWinds IP Address Manager Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version

    SolarWinds version

    IP Address Manager Hostname

    *Shown when version is 4.5.1+

    SolarWinds IP Address Manager FQDN
    HTTPS

    *Shown when version is 4.5.1+

    Select whether or not the SolarWinds IP Address Manager is HTTPS
    Port

    *Shown when version is 4.5.1+

    SolarWinds IP Address Manager
    Database hostname

    *Shown when version is 4.3.x, 4.4.x

    SolarWinds database FQDN
    Database name

    *Shown when version is 4.3.x, 4.4.x

    The database name, defaults to SolarWindsOrion
    Database port

    *Shown when version is 4.3.x, 4.4.x

    SolarWinds Database port number
    Credential Configuration for SolarWinds IP Address Manager
    Create credential?

    Check the checkbox to create a new credential configuration

    Leave unchecked to choose from existing credentials

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique credential name

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    User's password

    DNS Configuration
    Primary DNS Server IP Address

    Type in the Primary DNS server IP Address

    *For Microsoft DNS, any authoritative DNS server.

    For BIND, the primary authoritative DNS server.

    IPAM Configuration
    IPAM comment field

    *Skip if not using the SovLabs SolarWinds IPAM module

    Type in an IP Address' comment when reserved

    Can be templated: SovLabs Template Engine

  3. Create the DNS Configuration

DNS Configuration

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add DNS Configuration
    Add DNS Configuration
    DNS Configuration
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Domains

    Add in all domains for this DNS configuration to support.

    *Must be a qualified domain (e.g. example.com is valid. example without the .com, .org, .net, etc would not be valid)

    Networks Add in all the networks (X.X.X.X/CIDR) for this DNS configuration to support
    DNS server type Select the desired DNS type
    DNS Hosts Select all desired DNS type endpoints
    Create A Records? Check the checkbox to create A Records
    Create PTR Records? Check the checkbox to create PTR Records
    Create Host Records?

    *Shown when DNS server type is 'Infoblox'

    Check the checkbox to create Host Records

    Use as default server?

    Check the checkbox to have this DNS configuration be the default if domain or network is not matched in any other DNS configuration(s)

    Only recommended for simple DNS configurations

Usage

  1. Login to the vRA tenant
  2. Click on the Infrastructure tab > Reservations > Reservations
  3. Hover over the reservation in association with the DNS configured domain and click Edit
    1. Click on the Network tab
    2. Check the appropriate network path and select the appropriate Network Profile from the dropdown
    3. Click OK

The next provisioned VM will automatically attempt to register with DNS only if the VM is in the configured domain and/or network defined for the DNS Configuration

Advanced

Register with additional DNS zones for the same NIC and hostname

  1. Verify a DNS configuration exists for the additional DNS zones
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Custom Properties section:
      1. Click on the New Property button
      2. Type in SovLabs_AdditionalDNSSuffixes for the Name field
      3. For the Value field:
        • Type in a list of additional DNS zones to register the host
        • Must be comma separated
        • Example: zone1.com,zone2.com
      4. Click on the button
    4. Click OK
  4. Repeat Step 2 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Custom Properties section:
      1. Click on the New Property button
      2. Type in SovLabs_DisableDNS for the Name field
      3. Type in true for the Value field
      4. Click on the button
    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Quick Start Process

  1. Define Endpoint(s)
  2. Define IPAM Profile(s)
  3. Apply to existing blueprint(s)
  4. Provision!

Core module - IPAM

View features and compatibility

Prerequisites

  1. BlueCat user on (all) BlueCats(s) with API permissions:
    1. Through the BlueCat web portal, go to Administration > Users and Groups
    2. On the top-left of the Users pane, select New > User
    3. In the User creation wizard:
      • Type of user: Administrator
      • Access type: API
  2. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add BlueCat Endpoint
    2. Add IPAM Profile

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add BlueCat Endpoint
    Add BlueCat Endpoint
    BlueCat Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Hostname BlueCat FQDN
    HTTPS? Choose whether or not BlueCat is on HTTPS
    Port BlueCat port number
    Configuration name BlueCat configuration name
    DNS view name

    *Skip if not using the SovLabs BlueCat DNS module

    BlueCat DNS view name

    Custom User Field Configurations
    Host record user defined field(s)

    *Skip if not using the SovLabs BlueCat DNS module

    Add in any custom user fields (e.g. comments) used for BlueCat DNS

    Can be templated: SovLabs Template Engine

    IP record user defined fields

    Add in any custom user fields (e.g. comments) used for BlueCat IPAM

    Can be templated: SovLabs Template Engine

    Credential Configuration for BlueCat Endpoint
    Create credential?

    Check the checkbox to create a new credential configuration

    Leave unchecked to choose from existing credentials

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    User's password

  3. Create the IPAM Profile

Core module - IPAM

View features and compatibility

Prerequisites

  1. User with Administrator type Master and Role superuser
  2. Configure Negative Cache TTL on each DNS domain zone otherwise machine provisioning will fail:
    1. Through the BlueCat web portal, go to Management > DNS > Domains
    2. Select the domain to edit
    3. Set the Negative Cache TTL field to 60
  3. BT Diamond's default SSL certificate has a weak hash algorithm that the vRO appliance rejects. Please contact SovLabs for further assistance if the native BT Diamond SSL certificate is being used.
  4. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add BT Diamond Endpoint
    2. Add IPAM Profile

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add BT Diamond Endpoint
    Add BT Diamond Endpoint
    BT Diamond Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version BT Diamond version
    IPControl Hostname BT Diamond IPControl FQDN
    Port BT Diamond port number
    Credential Configuration for BT Diamond IPControl Endpoint
    Create credential?

    Check the checkbox to create a new credential configuration

    Leave unchecked to choose from existing credentials

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    User's password

  3. Create the IPAM Profile

Core module - IPAM

View features and compatibility

Prerequisites

  1. Infoblox user on (all) Infoblox appliance(s) with the following permissions:
    • API and GUI access configured
    • Add/remove Host Records, A Records and/or PTR Records
  2. Infoblox WAPI version must be 1.2+

    *Access https://{infoblox-fqdn}/wapidoc/ and look in the upper-left corner

  3. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Infoblox Endpoint
    2. Add IPAM Profile

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add Infoblox Endpoint
    Add Infoblox Endpoint
    Infoblox Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Hostname Infoblox appliance's FQDN or IP address
    HTTPS Select whether or not the Infoblox appliance is HTTPS
    Port

    * Normally 443 for HTTPS and 80 for HTTP

    Infoblox appliance port
    WAPI Version

    Select 1.2 if WAPI version is less than 2.0

    Select 2.0 if WAPI version is 2.0 or greater

    DNS view

    *Optional

    What is the DNS view this endpoint supports?

    Network view

    *Optional

    What is the Network view this endpoint supports?

    Credential Configuration for Infoblox Endpoint
    Create credential?

    Check the checkbox to create a new credential configuration

    Leave unchecked to choose from existing credentials

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    User's password

    Click Next

    Advanced Options

    Host record template

    *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record

    Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered

    Leave blank to default

    A record template

    *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record

    Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered

    Leave blank to default

    PTR record template

    *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record

    Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered

    Leave blank to default

    Fixed address template

    *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record

    Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered

    Leave blank to default

  3. Create the IPAM Profile

Core module - IPAM

View features and compatibility

Prerequisites

  1. Install Men & Mice Web Services to use REST API
  2. Men & Mice user on (all) Men & Mice with API permissions:
    • API access configured
  3. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Men and Mice Endpoint
    2. Add IPAM Profile

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add Men and Mice Endpoint
    Add Men and Mice Endpoint
    Men and Mice Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Men & Mice version
    Hostname Men and Mice FQDN
    HTTPS Select whether or not Men & Mice is HTTPS
    Port Men and Mice port number
    Credential Configuration for Men and Mice Endpoint
    Create credential?

    Check the checkbox to create a new credential configuration

    Leave unchecked to choose from existing credentials

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique credential name

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    User's password

    IPAM Configuration
    Device custom properties

    Add in any custom device properties (e.g. comments) used for Men & Mice IPAM

    Can be templated: SovLabs Template Engine

  3. Create the IPAM Profile

Core module - IPAM

View features and compatibility

Prerequisites

  1. Install IPAM client on Microsoft IPAM (target or proxy) server:
    1. Server Manager > Manage > Add Roles and Features
    2. Accept defaults and click Next until the Features option
    3. Expand Remote Server Administration Tools > expand Feature Administration Tools
    4. Select IP Address Management (IPAM) Client
    5. Confirm and click Install
  2. Enable non-local administrators to run IPAM cmdlets
  3. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Microsoft Endpoint
    2. Add IPAM Profile
    3. Add SovLabs vCenter Endpoint

Setup

  1. Login to the vRA tenant
  2. Perform this step only if using VMware Tools to connect to a jump server or target Microsoft IPAM server
    • On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
      Add vCenter Endpoint
      SovLabs vCenter Endpoint
      FieldValue
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Version Choose the appropriate vCenter version
      Platform Service Controller (FQDN)

      *Shown when 'Version' is 6+

      Type in the PSC FQDN
      Is the PSC embedded on the vCenter server?

      *Shown when 'Version' is 6+

      vCenter hostname (FQDN)

      *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x

      Type in the vCenter server FQDN
      Credential Configuration for vCenter Endpoint
      Create credential?

      Uncheck the checkbox to choose from existing vCenter Endpoint credentials

      Check the checkbox to create a new credential

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Username

      *Shown when 'Create credential' is checked

      Username (user@example.com)

      Password

      *Shown when 'Create credential' is checked

      User's password

  3. On the Catalog page, click on the Request button for Add Microsoft Endpoint
    Add Microsoft Endpoint
    Microsoft Endpoint

    A Windows 2012 R2 jump server or domain controller that is utilized by the SovLabs plugin for a target AD, DNS, and/or IPAM server

    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Connection method Connection method to connect to the target or proxy Microsoft server
    vCenter Endpoint

    *Shown if 'Connection method' is vmware-tools

    Select a previously added SovLabs vCenter Endpoint in Step 2

    VM Name as it appears in vCenter

    *Shown if 'Connection method' is vmware-tools

    Type in the VM name of the Microsoft AD server

    Is a jump server?

    Jump servers are limited to SSH daemon connection methods only or VMware Tools

    Choose whether or not to utilize a jump server to make remote commands to the target AD server

    Jump server

    *Shown if 'Is a jump server' is checked

    Type in the jump server FQDN or IP Address for the target AD server

    Remote server

    *Shown if 'Is a jump server' is checked

    Type in the target AD server

    Uses non-standard port? Select the checkbox if WinRM or SSH daemon was configured to listen on a non-standard port
    Port

    *Shown when 'Uses non-standard port' is checked

    Port number
    Credential Configuration for Microsoft Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing Microsoft Endpoint credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (user@example.com)

    Password

    *Shown when 'Create credential' is checked

    User's password

    Advanced Configuration
    Temporary directory where scripts will be placed If not provided, will default to C:\Windows\temp
    Share path for temporary directory to access

    Define if administrative shares are not available

    Type in path\share instead of \\share-server\path\share

  4. Create the IPAM Profile

Core module - IPAM

View features and compatibility

Prerequisites

  1. Must have SolarWinds 4.5.1 in order to make REST API calls
    • API access configured
  2. SolarWinds 4.3.x and 4.4.x will utilize the SolarWinds database
    • Database credentials for the SolarWinds database with permissions to execute SET/GET queries
  3. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add SolarWinds Endpoint
    2. Add IPAM Profile

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add SolarWinds Endpoint
    Add SolarWinds Endpoint
    SolarWinds IP Address Manager Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version

    SolarWinds version

    IP Address Manager Hostname

    *Shown when version is 4.5.1+

    SolarWinds IP Address Manager FQDN
    HTTPS

    *Shown when version is 4.5.1+

    Select whether or not the SolarWinds IP Address Manager is HTTPS
    Port

    *Shown when version is 4.5.1+

    SolarWinds IP Address Manager
    Database hostname

    *Shown when version is 4.3.x, 4.4.x

    SolarWinds database FQDN
    Database name

    *Shown when version is 4.3.x, 4.4.x

    The database name, defaults to SolarWindsOrion
    Database port

    *Shown when version is 4.3.x, 4.4.x

    SolarWinds Database port number
    Credential Configuration for SolarWinds IP Address Manager
    Create credential?

    Check the checkbox to create a new credential configuration

    Leave unchecked to choose from existing credentials

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique credential name

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    User's password

    DNS Configuration
    Primary DNS Server IP Address

    *Skip if not using the SovLabs SolarWinds DNS module

    Type in the Primary DNS server IP Address

    *For Microsoft DNS, any authoritative DNS server.

    For BIND, the primary authoritative DNS server.

    IPAM Configuration
    IPAM comment field

    Type in an IP Address' comment when reserved

    Can be templated: SovLabs Template Engine

  3. Create the IPAM Profile

IPAM Profile

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add IPAM Profile
    Add IPAM Profile
    IPAM Profile
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Description

    *Optional

    Description of IPAM profile

    IPAM type Select the desired IPAM type
    Provider host

    *Auto-populates after an IPAM type is selected. If nothing is available, please make sure to have added an IPAM type endpoint

    Select the desired IPAM type endpoint

    Subnets, Gateways and Network names Subnet: X.X.X.X/CIDR
    Gateway: X.X.X.X
    Network Name: Corresponds to the VMware port group name in vCenter to be configured on the VM for this nic. Please refer to your vCenter configuration to identify what this value should be (vSphere Client > Networking > Portgroups).

    Can be templated: SovLabs Template Engine

    1. Type in a subnet and its gateway and network name (all comma separated) into the input field

      (e.g. 10.0.0.0/24, 10.0.0.1, networkName)

    2. Click the green to add the entry into the array
    3. Repeat Steps 1-2 until all desired subnets for the IPAM profile are entered
    Excluded IPs Enter all IPs to be excluded (e.g. 10.0.0.1)
    NIC number Enter in a NIC number (0-9) for this IPAM profile
    Primary DNS Input the Primary DNS
    Secondary DNS Input the Secondary DNS
    DNS suffix Input the DNS suffix
    DNS search suffix Input the DNS search suffix(es) (comma separated)
    Primary WINS Input the Primary WINS
    Secondary WINS Input the Secondary WINS

Usage

  1. Login to the vRA tenant
  2. Click on the Infrastructure tab > Reservations > Network Profiles
  3. Hover over the network profile that best matches the network for the IPAM and click Edit
    1. On the Network Profile Information tab in the DNS/WINS section, verify that the DNS Suffix is set
    2. Click OK
  4. Click on the Reservation menu item from Infrastructure tab > Reservations
  5. Hover over the reservation in association with the network profile from Step 3 and click Edit
    1. Click on the Network tab
    2. Keep one network path checked and uncheck the rest, if any
    3. Clear the all Network Profile dropdown values (that were associated with the network path(s)) by selecting the empty select option
    4. Click OK
  6. Click on the Design tab > Blueprints
  7. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for IPAM:

      Starts with SovLabs-IPAMProfile- and ends with -nic#

      Do not attach more than 1 IPAM property group to a blueprint with the same nic number

  8. Repeat Step 7 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for IPAM:

      Starts with SovLabs-IPAMProfile- and ends with -nic#

  4. Repeat Step 3 for all desired blueprints

Core module - vSphere

View features and compatibility

Quick Start Process

  1. Define vSphere vCenter Endpoint(s)
  2. Define DRS Profile(s)
  3. Apply to existing blueprint(s)
  4. Provision!

Prerequisites

  1. vSphere vCenter(s) are properly configured
  2. Cluster(s) and host group(s) are properly configured
  3. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add SovLabs vCenter Endpoint
    2. Add DRS Profile

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add vCenter SovLabs Endpoint
    Add vCenter Endpoint
    SovLabs vCenter Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Choose the appropriate vCenter version
    Platform Service Controller (FQDN)

    *Shown when 'Version' is 6+

    Type in the PSC FQDN
    Is the PSC embedded on the vCenter server?

    *Shown when 'Version' is 6+

    vCenter hostname (FQDN)

    *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x

    Type in the vCenter server FQDN
    Credential Configuration for vCenter Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing vCenter Endpoint credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (user@example.com)

    Password

    *Shown when 'Create credential' is checked

    User's password

  3. On the Catalog page, click on the Request button for Add DRS Profile
    Add DRS Profile
    DRS Profile
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    vCenter Endpoint Select the desired SovLabs vCenter endpoint
    Cluster Select from auto-generated list of vCenter clusters when the vCenter Endpoint is selected
    Host group Select from auto-generated list of vCenter host groups when the vCenter Endpoint is selected
    Rule Select the DRS rule:
    • Must run on host group
    • Should run on host group
    • Must not run on host group
    • Should not run on host group

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for vSphere DRS:

      Starts with SovLabs-DRS-

      Do not attach more than 1 vSphere DRS property group to a vRA blueprint

  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for vSphere DRS:

      Starts with SovLabs-DRS-

  4. Repeat Step 3 for all desired blueprints

Core module - vSphere

View features and compatibility

Quick Start Process

  1. Define vSphere vCenter Endpoint(s)
  2. Define vRA IaaS and vRA CAFE Endpoint
  3. Define Notification Configuration
  4. Define Notification Group
  5. Define Snapshot Configuration

Prerequisites

  1. vSphere vCenter(s) are properly configured
  2. Cluster(s) and host group(s) are properly configured
  3. If utilizing an email server, gather the following details:
    • IP Address/hostname of the email server
    • Is the service SMTP or IMAP?
    • Credential details (username/password)
    • Whether SSL/TLS or STARTTLS is required to send emails through your email server
    • Port # of SMTP or IMAP service on that host

      Common ports: (please verify with administrator or provider)

      • SMTP: 25, 465 (SSL), 587 (STARTTLS)
      • IMAP: 143 or 993 (SSL)
  4. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add SovLabs vCenter Endpoint
    2. Add SovLabs vRA CAFE Endpoint
    3. Add SovLabs vRA IaaS Endpoint
    4. Add Snapshot Configuration
    5. Add Notification Configuration
    6. Add Notification Group
    7. Manage Snapshot Scheduler

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
    Add vCenter Endpoint
    SovLabs vCenter Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Choose the appropriate vCenter version
    Platform Service Controller (FQDN)

    *Shown when 'Version' is 6+

    Type in the PSC FQDN
    Is the PSC embedded on the vCenter server?

    *Shown when 'Version' is 6+

    vCenter hostname (FQDN)

    *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x

    Type in the vCenter server FQDN
    Credential Configuration for vCenter Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing vCenter Endpoint credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (user@example.com)

    Password

    *Shown when 'Create credential' is checked

    User's password

  3. On the Catalog page, click on the Request button for Add SovLabs vRA CAFE Endpoint
    Add SovLabs vRA CAFE Endpoint
    SovLabs vRA CAFE Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Read-only field based on querying vRA CAFE from the vRA tenant
    Hostname (FQDN) Auto-generated based on querying vRA CAFE. Please verify
    Credential Configuration for vRA CAFE Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing vRA CAFE credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (user@example.com)

    Password

    *Shown when 'Create credential' is checked

    User's password

  4. On the Catalog page, click on the Request button for Add SovLabs vRA IaaS Endpoint
    Add SovLabs vRA IaaS Endpoint
    SovLabs vRA IaaS Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Read-only field based on querying vRA IaaS from the vRA tenant
    Hostname (FQDN) Auto-generated based on querying vRA IaaS. Please verify
    Credential Configuration for vRA IaaS Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing vRA CAFE credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (username only, no domain)

    Password

    *Shown when 'Create credential' is checked

    User's password

  5. On the Catalog page, click on the Request button for Add Notification Configuration
    Add Notification Configuration
    Notification Configuration

    A notification configuration holds all the necessary information to send notifications

    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Type Select SNAPSHOT
    State Select whether or not to send notifications when a new snapshot is found NEW,
    when a snapshot is going to be deleted WARNING,
    and/or when a snapshot has been deleted DELETE
    Message type Select the notification message type
    Format Select the desired format
    From address The address that will be sending the notification

    Can be templated: SovLabs Template Engine

    Title Notification title

    Can be templated: SovLabs Template Engine

    Body Body message - defaulted to standard templates. Please update accordingly

    *For a WebService, the only payload accepted is a JSON payload

    Can be templated: SovLabs Template Engine

    Message Server configuration
    New Message Server?

    Check the checkbox to create a new message server

    Uncheck to choose an existing message server

    Message Server

    *Shown when 'New Message Server' is unchecked

    Select the desired message server from a list of existing message servers
    Message server configuration label

    *Shown when 'New Message Server' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Message Server Address

    *Shown when 'New Message Server' is checked

    Message Server address

    NOTE: for a WebService, the request body is used as type JSON to deliver data to the web service it is connecting to.

    The address will not be modified by SovLabs' module to provide data via the URL. If the request is directed at a specific method for the call please include that as part of the address parameter.

    *If the WebService address is: webserver.domain.com and the URL directive for method is: /logmessage, the resulting Message server address should be: webserver.domain.com/logmessage

    Enable SSL?

    *Shown when 'New Message Server' checked

    Choose whether or not SSL is enabled on the message server
    Message Server port

    *Shown when 'New Message Server' is checked

    Message Server port

    Common ports: (please verify with administrator or provider)

    • SMTP: 25, 465 (SSL), 587 (STARTTLS)
    • IMAP: 143 or 993 (SSL)
    Message Server HTTP verb

    *Shown when New Message Server is checked and the Message type is WebService

    Select the HTTP Verb

    Any HTTP verb used must be assumed to use the JSON body content to properly direct the server's behavior. The Notifications module does not modify URL with parameters.

    Message Server protocol

    *Shown when 'New Message Server' is checked

    Select the appropriate protocol
    Enable credential?

    *Shown when 'New Message Server' is checked

    Select whether credentials are enabled on the message server
    Create credential?

    Uncheck the checkbox to choose from existing Message Server credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Enable credential' is checked and 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials for the Message Server

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    Username's password

    Enable STARTTLS?

    *Shown when 'New Message Server' is checked and 'Message Type' is Email

    Select whether or not to enable STARTTLS

    Network timeout Defaulted to 6000
    Email Group configuration

    *Shown when the 'Message Server Type' is Email

    New Email Group?

    Check the checkbox to create a new email group

    Uncheck to choose an existing email group

    Email Group

    *Shown when 'New Email Group' is unchecked

    Select the desired email group from a list of existing email groups
    Email Group configuration label

    *Shown when 'New Email Group' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    To addresses

    *Shown when New Email Group is checked

    Enter all the email addresses to send the notifications to

    Can be templated: SovLabs Template Engine

    CC addresses

    *Shown when New Email Group is checked

    Enter all the email addresses to CC the notifications to

    Can be templated: SovLabs Template Engine

    BCC addresses

    *Shown when New Email Group is checked

    Enter all the email addresses to BCC the notifications to

    Can be templated: SovLabs Template Engine

  6. On the Catalog page, click on the Request button for: Add Notification Group Configuration
    Add Notification Group Configuration
    Notification Group Configuration

    A Notification Group configuration holds multiple notification configurations

    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    Type Select SNAPSHOT
    Notifications Select all Snapshot notification configurations filtered this notification group
  7. On the Catalog page, click on the Request button for: Add Snapshot Configuration
    Add Snapshot Configuration
    Snapshot Configuration

    A Snapshot configuration represents configurations for vSphere Snapshot Management

    FieldValue
    vCenter Endpoints defined? Read-only field, should say "Yes". SovLabs vCenter Endpoints must be defined prior to submitting this form.
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    SovLabs vRA CAFE Endpoint Select the desired SovLabs vRA CAFE endpoint. Make sure to define SovLabs vRA CAFE endpoint(s) prior to.
    SovLabs vRA IaaS Endpoint Select the desired SovLabs vRA IaaS endpoint. Make sure to define SovLabs vRA IaaS endpoint(s) prior to.
    Notification Group Select the desired Notification Group. Make sure to define Notification Group(s) with type SNAPSHOT prior to.
    VMs for all vRA Business Groups? Select whether or not to manage snapshots for all vRA Business Groups defined for this vRA tenant.
    Filter VMs by vRA Business Group(s)

    *Shown when 'VMs for all vRA Business Groups?' is checked

    Select all desired vRA Business Group(s) to manage snapshots for

    Snapshot lifespan (days) Define a snapshot's lifespan in number of days
    Expiration warning notification(s) Define when to send warning notifications in number of days from expiration
    Snapshot lifespan (days) Define a snapshot's lifespan in number of days

    Click "Next"

    FieldValue
    Snapshot Scheduler
    All scheduling will be executed in the vRO instance timezone Read-only field that depicts vRealize Orchestrator's timezone. When defining a schedule for snapshot management, please convert your desired scheduled time(s) to be aligned with vRO's timezone.
    Schedule is active? Defaulted to "Yes". At a later time, can specify a specific Snapshot Configuration to be inactive by unchecking the checkbox and will not run for the specific Snapshot Configuration
    Schedule type Define when to run this Snapshot Configuration: Daily, Weekly, Monthly, or Run once
    Daily
    Weekly
    Monthly
    Run once

    Daily: hh:mm in military time

    Weekly: EEE hh:mm where EEE is Mon, Tue, Wed, Thu, Fri, Sat, Sun and hh:mm is in military time

    Monthly: dd hh:mm where dd is the day of the month 01-31 and hh:mm is in military time

    Run once: Select a specific date and time to run. Will only run once.

    Schedule end date *Optional: Select a date when to end this Snapshot Configuration scheduled task

Usage

  • An inventory will run and send out notifications appropriately.
  • If a snapshot's age has met the expiration day, it will automatically delete the snapshot.
  • The last SovLabs Snapshot Configuration deleted will delete the vRealize Orchestrator scheduled task for Snapshot Management
  • To resume previously suspended SovLabs vSphere Snapshot configurations:
    1. Login to the vRA tenant
    2. Click on the Catalog tab
    3. Click on Manage Snapshot Scheduler:
      1. Click on the desired action Resume
      2. Click Submit

Disable

  1. Login to the vRA tenant
  2. Click on the Catalog tab
  3. Click on Manage Snapshot Scheduler:
    1. Click on the desired action Suspend
    2. Click Submit

Core module - vRA Extensions

View features and compatibility

Quick Start Process

  1. Define Property Set(s) on existing blueprint(s)
  2. Provision!

Setup

Property names and values can be templated using the SovLabs Template Engine

  1. Login to the vRA tenant
  2. Click on the Administration tab > Property Dictionary
  3. Click on Property Group
  4. Click on +New
    • Name: Provide a name for the Property Group
    • Properties: Click on +New to add a new property:
      • Name:
        • Always prefix the name with SovLabs_CreateProperties_ (e.g. SovLabs_CreateProperties_Location)
        • Multiple properties can be attached as long as the suffix is unique

      • Value: Multiple properties can exist on each property and must be in one of the following 4 formats
        1. Single Object (JSON format)
          Example
          • Format

            {
                                                 "name": "foo",
                                                 "value": "bar",
                                                 "hidden": false,
                                                 "runtime": false,
                                                 "encrypted": false,
                                                 "doNotUpdate": false
                                                }
                                                
          • Description

            • name is the name of the Property
            • value is the value of the Property
            • Optional fields may be omitted: hidden, runtime, encrypted and doNotUpdate
            • hidden, runtime, encrypted and doNotUpdate all default to false
        2. Array
          Example
          • Format

            [
                                                 "foo", //name
                                                 "bar", //value
                                                 false, //hidden
                                                 false, //runtime
                                                 false, //encrypted
                                                 false  //doNotUpdate
                                                ]
                                                
          • Description

            • name is the name of the Property
            • value is the value of the Property
            • Optional fields may be omitted: hidden, runtime, encrypted and doNotUpdate
            • hidden, runtime, encrypted and doNotUpdate all default to false
        3. Array of Single Objects (JSON format)
          Example
          • Format

            [
                                                 {
                                                  "name": "foo",
                                                  "value": "bar",
                                                  "hidden": false,
                                                  "runtime": false,
                                                  "encrypted": false,
                                                  "doNotUpdate": false
                                                 },
                                                 {
                                                  "name": "hello",
                                                  "value": "world",
                                                  "hidden": true,
                                                  "runtime": false,
                                                  "encrypted": true,
                                                  "doNotUpdate": false
                                                 }
                                                ]
                                                
          • Description

            • name is the name of the Property
            • value is the value of the Property
            • Optional fields may be omitted: hidden, runtime, encrypted and doNotUpdate
            • hidden, runtime, encrypted and doNotUpdate all default to false
        4. Array of an Array
          Example
          • Format

            [
                                                 [
                                                  "foo", //name
                                                  "bar", //value
                                                  false, //hidden
                                                  false, //runtime
                                                  false, //encrypted
                                                  false  //doNotUpdate
                                                 ],
                                                 [
                                                  "hello", //name
                                                  "world", //value
                                                  true, //hidden
                                                  false, //runtime
                                                  false, //encrypted
                                                  true  //doNotUpdate
                                                 ]
                                                ]
                                                
          • Description

            • name is the name of the Property
            • value is the value of the Property
            • Optional fields may be omitted: hidden, runtime, encrypted and doNotUpdate
            • hidden, runtime, encrypted and doNotUpdate all default to false
    • Encrypted: Select whether or not the property should be encrypted
    • Show in Request: Select whether or not the Property Group should be shown in the blueprint request
  5. Save

Usage

Apply to vRA Blueprints

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for SovLabs Property Toolkit that was created

  4. Repeat Step 3 for all desired blueprints

Managing vRA Properties on multiple VMs

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Manage Properties
    Manage Properties
    SovLabs Property Toolkit - Manage Properties
    FieldValue
    Hostname filter

    *Regex and wildcards are not supported

    Type in a part of the hostname to filter out VMs by hostname

    Property filter

    *Regex and wildcards are not supported

    Type in a VM property name and value to filter out VMs by custom properties

    Business Group filter

    *Regex and wildcards are not supported

    Type in the vRA Business Group name to filter out VMs by vRA Business Group(s)
    Selected VMs Select and move VMs to the right to affect properties on those VMs
    Action Select whether to Create, Update or Delete property on the selected VMs
    Property Name

    Type in the Property name to create, update or delete

    Property Value

    *Not shown for Create New Property action

    Type in the (new) Property value

    Hidden

    *Not shown for Create New Property action

    Select whether or not to hide the property.

    Encrypted

    *Not shown for Create New Property action

    Select whether or not to encrypt the property

    Show in Request

    *Not shown for Create New Property action

    Select whether or not to show the property in the request

    Confirm action

    *Not shown for Create New Property action

    Type in the Action field text to confirm

End-user Managing vRA Properties for VMs

  1. Login to the vRA tenant
  2. Click on the Items tab and select Machines
  3. Select the desired VM and click on Actions on the top column of the VM list
  4. Select Manage Properties (SovLabs Property Toolkit)
    Manage Properties
    Manage Properties (SovLabs Property Toolkit)
    FieldValue
    Action Select whether to Create, Update or Delete property on the selected VMs
    Property Picker Select the VM Property to manage
    Property Name

    Type in the Property name to create, update or delete

    Property Value

    *Not shown for Create New Property action

    Type in the (new) Property value

    Hidden

    *Not shown for Create New Property action

    Select whether or not to hide the property.

    Encrypted

    *Not shown for Create New Property action

    Select whether or not to encrypt the property

    Show in Request

    *Not shown for Create New Property action

    Select whether or not to show the property in the request

Lifecycle

Properties are created during the following stages of the VM lifecycle via vRealize Automation Event Broker Subscriptions:

  • Machine Requested
  • Machine Provisioned

Disable

Removing from vRA Blueprints

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for SovLabs Property Toolkit that was created
  4. Repeat Step 3 for all desired blueprints

Preventing Manage Properties on VM(s)

  • Once the process to create/update/delete a property on VM(s) has started, it cannot be stopped.
  • To prevent the requester from Managing Properties on VM(s), remove the entitlement

Core module - vRA Extensions

View features and compatibility

Quick Start Process

  1. Define VM tag properties on existing blueprint(s)
  2. Provision!

Setup

The SovLabs VM Tagging module is solely driven through vRA custom properties.

Property names and values can be templated using the SovLabs Template Engine

  1. Login to the vRA tenant
  2. Click on the Administration tab > Property Dictionary
  3. Click on Property Group
  4. Click on +New
    • Name: Provide a name for the Property Group
    • Properties: Click on +New to add a new property:
      • Name:
        • Always prefix the name with SovLabs_CreateTags_VMW_ (e.g. SovLabs_CreateTags_VMW_Location)
        • Multiple properties can be attached as long as the suffix is unique

      • Value: Multiple properties can exist on each property and must be in one of the following 4 formats
        1. Single Object (JSON format)
          Example
          • Format

            {
                                                 "name": "foo",
                                                 "category": "bar",
                                                 "cardinalitySingle": false,
                                                 "tagDescription": "desc",
                                                 "categoryDescription": "desc 2"
                                                }
                                                
          • Description

            • name is the name of the Tag
            • value is the name of the Tag Category
            • Optional fields may be omitted: cardinalitySingle, tagDescription and categoryDescription
        2. Array
          Example
          • Format

            [
                                                 "foo", //name
                                                 "bar", //category
                                                 false, //cardinalitySingle
                                                 "desc", //tagDescription
                                                 "desc 2", //categoryDescription
                                                ]
                                                
          • Description

            • name is the name of the Tag
            • value is the name of the Tag Category
            • Optional fields may be omitted: cardinalitySingle, tagDescription and categoryDescription
        3. Array of Single Objects (JSON format)
          Example
          • Format

            [
                                                 {
                                                  "name": "foo",
                                                  "category": "bar",
                                                  "cardinalitySingle": false,
                                                  "tagDescription": "desc",
                                                  "categoryDescription": "desc 2"
                                                 },
                                                 {
                                                  "name": "hello",
                                                  "category": "world",
                                                  "cardinalitySingle": true,
                                                  "tagDescription": "desc 3",
                                                  "categoryDescription": "desc 4"
                                                 }
                                                ]
                                                
          • Description

            • name is the name of the Tag
            • value is the name of the Tag Category
            • Optional fields may be omitted: cardinalitySingle, tagDescription and categoryDescription
        4. Array of an Array
          Example
          • Format

            [
                                                 [
                                                  "foo", //name
                                                  "bar", //category
                                                  false, //cardinalitySingle
                                                  "desc", //tagDescription
                                                  "desc 2", //categoryDescription
                                                 ],
                                                 [
                                                  "hello", //name
                                                  "world", //category
                                                  false, //cardinalitySingle
                                                  "desc 3", //tagDescription
                                                  "desc 4", //categoryDescription
                                                 ]
                                                ]
                                                
          • Description

            • name is the name of the Tag
            • value is the name of the Tag Category
            • Optional fields may be omitted: cardinalitySingle, tagDescription and categoryDescription
    • Encrypted: Select whether or not the property should be encrypted
    • Show in Request: Select whether or not the Property Group should be shown in the blueprint request
  5. Save

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for SovLabs VM Tagging that was created

  4. Repeat Step 3 for all desired blueprints

Lifecycle

Provisioning

  • When a tagged VM is provisioned, the VM’s relationship to the Tag is created
  • If the Tag Category does not exist, it will be created in vCenter
  • If the Tag does not exist, it will be created in vCenter

*If the property name or value resolves to an empty string it will be skipped.

De-provisioning

  • When a tagged VM is destroyed, the VM’s relationship to the Tag is also removed
  • Tags are not removed from vCenter upon VM removal
  • Categories are not removed from vCenter upon VM removal

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for SovLabs VM Tagging that was created
  4. Repeat Step 3 for all desired blueprints

Advanced Module - Configuration Management

View features and compatibility

Quick Start Process

  1. Define Ansible Tower Endpoint(s)
  2. Define Ansible Tower Profile(s)
  3. Define Ansible Tower Inventory Profile(s)
  4. Apply to existing blueprint(s)
  5. Provision!

Prerequisites

  1. Ansible Tower is properly configured
  2. An account with permissions to desired Ansible Tower(s)
  3. Dynamic Inventory script vra.py is installed
  4. Dynamic Inventory configuration vra.yaml is installed
  5. Configure Inventory on the Ansible Tower server:
    1. Download the generate_ansInv.sh script

      Must have an account and login to download

    2. Run the script as root on the Ansible Tower server
  6. Set up Organizations, Teams, Projects, Job Templates, Machine Credentials, and Inventories in Ansible Tower
  7. Set up any Playbooks to be exercised from Ansible Tower
  8. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Ansible Tower Endpoint
    2. Add Ansible Tower Profile
    3. Add Ansible Tower Inventory Profile
    4. Manage Credentials

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add Ansible Tower Endpoint
    Add Ansible Tower Endpoint
    Add an Ansible Tower Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Hostname Ansible Tower hostname
    Credential Configuration for Ansible Tower Endpoint
    Create credential?

    Check the checkbox to create a new credential configuration

    Leave unchecked to choose from existing credentials

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique credential label

    Username

    *Shown when 'Create credential' is unchecked

    Account username that has access/rights to Ansible Tower

    Password

    Shown when 'Create credential' is unchecked

    User's password

    Organization
    Organization

    Select the appropriate Ansible Tower organization from an existing list of organizations

    The drop-down menu values will auto-generated once a credential has been selected or a valid username/password is entered

  3. On the Catalog page, click on the Request button for Add Ansible Tower Profile
    Add Ansible Tower Profile
    Add Ansible Tower Profile
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Ansible Tower Endpoint Select an Ansible Tower Endpoint that was previously added
    Filter Projects by Team

    *Auto-generated list of Teams based on the Ansible Tower Endpoint selected

    Select the desired Team, if any
    Filter Job Templates by Project

    *Auto-generated list of Projects based on the Ansible Tower Endpoint selected

    Select the desired Project, if any
    Get Job Templates from list?

    Uncheck to manually enter a Job Template name

    Check the checkbox to select from an existing list

    Job Templates

    If unchecked for 'Get Job Templates from list?', manually enter a Job Template name.

    If checked for 'Get Job Templates from list?', select an existing Job Template

    Get Deprovision Job Templates from list?

    Uncheck to manually enter a deprovision Job Template name

    Check to select from an existing list of deprovision Job Templates

    Deprovision Job Templates

    If unchecked for 'Get Deprovision Job Templates from list?', manually enter a deprovision Job Template name

    If checked 'Get Deprovision Job Templates from list?', select an existing deprovision Job Template

    Advanced
    Machine credential

    *Auto-generated list of machine credentials based on the Ansible Tower Endpoint selected

    Select the desired machine credential, if any
    Inventory

    *Auto-generated list of Inventory based on the Ansible Tower Endpoint selected

    Select the desired Inventory, if any
    Extra vars

    Define a string that represents a JSON or YAML formatted dictionary (with escaped parentheses) which includes variables given by the user, including answers to survey questions

  4. On the Catalog page, click on the Request button for Add Ansible Tower Inventory Profile
    Add Ansible Tower Inventory Profile
    Ansible Tower Inventory Profile
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Ansible Tower Endpoint Select an Ansible Tower Endpoint
    vRA IaaS URL

    *Auto-generated vRA IaaS URL, must match a configured IaaS URL in vRO

    Verify vRA IaaS URL
    Filters
    vRA Business Group(s)

    *Auto-generated list of vRA Business Groups, if any

    Select the desired vRA Business Group(s). Leave blank to select all
    Property Filters Specify the properties (key, value) to filter on. May have zero or more property filters
    Dynamic Groups
    Group separator Define how VMs will be grouped via one or more string characters. Used in the groups definitions below to separate groups name
    Groups Groups are defined as templates that will be resolved with vmProperties. If one property does not resolve, that group will be omitted. List groups, separated by the character defined in Group separator above
    Paging
    Result page size Specify the maximum number of VMs to return at one time, will make multiple calls to get the entire inventory. Leave blank to get all VMs in a page result.

Inventory Configuration

  1. Remote login to the Ansible Tower instance
  2. Create a directory for the Ansible Tower Inventory Profile config file vra.yaml
  3. Download vra.py and vra.yaml from Github into this new directory
  4. Edit vra.yaml
    • Verify all configuration values are correct and appertain to the Ansible Tower setup
    • Verify atow_inv_profile_name is the value of the “Configuration label” from the Ansible Tower Inventory Profile
    • Save & close
  5. Login to Ansible Tower web application
  6. Assuming the Prerequisites section in the beginning of the Ansible Tower section has been completed, add the Dynamic Inventory script vra.py to a new Inventory Script
    1. Click the Settings button in the top menu and select INVENTORY SCRIPTS
    2. Click on +Add or an existing Inventory Script hyperlink
    3. Copy & paste the contents of vra.py into the * CUSTOM SCRIPT field, and provide a value for NAME
  7. Now the Inventory Script will be associated with an Inventory
    1. Click on INVENTORIES in the main menu
    2. Click on +Add or an existing Inventory
    3. Fill in the Name and Description fields and click Save
    4. On the next screen, click on +ADD GROUP
    5. Provide a NAME and click on SOURCE, selecting Custom Script from the drop down. This will cause the *CUSTOM INVENTORY SCRIPT field to appear
    6. Click the spyglass in *CUSTOM INVENTORY SCRIPT and select the name of the INVENTORY SCRIPT item created in Step 6.2
    7. In the ENVIRONMENT VARIABLES text area, enter the following text, substituting the directory path created in Step 2
      VRA_YAML: /{directory path}/vra.yaml
    8. Select the 3 update options of Overwrite, Overwrite Variables, and Update on Launch
    9. Click Save

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for Ansible Tower:

      Starts with SovLabs-AnsibleTowerProfile-

      Do not attach more than 1 Ansible Tower property group to a vRA blueprint

  4. Repeat Step 3 for all desired blueprints
  5. Provision

Disable Ansible Tower Inventory

  1. Login to the Ansible Tower web application
  2. Follow Steps 7 and for 7.3, click on SOURCE > Choose a source
  3. Click Save

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for Ansible Tower:

      Starts with SovLabs-AnsibleTowerProfile-

  4. Repeat Step 3 for all desired blueprints

Advanced Module - Backup as a Service Management

View features and compatibility

Quick Start Process

  1. Define Cohesity Cluster Endpoint(s)
  2. Configure Cohesity Backup Profile
  3. Define Notification Configuration for Cohesity
  4. Apply Backup Profile to existing blueprint(s)
  5. Provision and recover VMs!

Prerequisites

  1. Cohesity Cluster is properly configured
  2. All Linux VMs protected by Cohesity must have the following installed:
    • rsync
    • nfs-utils
    • nfs-utils-lib
    • lsof
  3. Service account with Administrative privileges on the Cohesity Cluster(s)
  4. Email notification:
    1. User account with permissions to the email servers desired
    2. If utilizing an email server, gather the following details:
      • IP Address/hostname of the email server
      • Is the service SMTP or IMAP?
      • Credential details (username/password)
      • Whether SSL/TLS or STARTTLS is required to send emails through your email server
      • Port # of SMTP or IMAP service on that host

        Common ports: (please verify with administrator or provider)

        • SMTP: 25, 465 (SSL), 587 (STARTTLS)
        • IMAP: 143 or 993 (SSL)
  5. Existing Protection Job(s) on the Cohesity Cluster(s)
  6. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Cohesity Cluster Endpoint
    2. Add Cohesity Backup Profile
    3. Add Notification Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add Cohesity Cluster Endpoint
    Add Cohesity Cluster Endpoint
    Cohesity Cluster Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Select the Cohesity Cluster version
    Hostname Cohesity Cluster hostname (FQDN or IP address)
    HTTPS? Choose whether or not the Cohesity Cluster is HTTPS
    Port Cohesity Cluster port number
    Credential Configuration for Cohesity Cluster Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing Cohesity Endpoint credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (no domain)

    Password

    *Shown when 'Create credential' is checked

    User's password

  3. On the Catalog page, click on the Request button for Add Cohesity Backup Profile
    Cohesity Backup Profile
    Cohesity Backup Profile
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Cohesity Cluster Endpoint Select the desired Cohesity Cluster Endpoint
    Protection Jobs

    *Auto-generated list based on Cohesity Cluster Endpoint selected

    Select a Protection Job from the left column and click on the right arrow to move it to the right column.

    Repeat for all desired Protection Jobs

  4. On the Catalog page, click on the Request button for Add Notification Configuration
    Add Notification Configuration
    Notification Configuration

    A notification configuration holds all the necessary information to send notifications

    FieldValue
    Type Select Backup as a Service - Cohesity
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    *Please keep as auto-generated label

    State

    *Please keep both SUCCESS and ERROR checked

    Message type

    *Please keep as Email

    Format Select the desired format
    From address Type the email address that will be sending the notification

    Can be templated: SovLabs Template Engine

    Title

    *Auto-generated Notification title

    Can be templated: SovLabs Template Engine

    Body Body message - defaulted to standard templates. Please update accordingly

    Can be templated: SovLabs Template Engine

    Message Server configuration
    New Message Server?

    Check the checkbox to create a new message server

    Uncheck to choose an existing message server

    Message Server

    *Shown when 'New Message Server' is unchecked

    Select the desired message server from a list of existing message servers
    Message server configuration label

    *Shown when 'New Message Server' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Message Server Address

    *Shown when 'New Message Server' is checked

    Message Server address (SMTP or IMAP host)

    Enable SSL?

    *Shown when 'New Message Server' checked

    Choose whether or not SSL is enabled on the message server
    Message Server port

    *Shown when 'New Message Server' is checked

    Message Server port

    Common ports: (please verify with administrator or provider)

    • SMTP: 25, 465 (SSL), 587 (STARTTLS)
    • IMAP: 143 or 993 (SSL)
    Message Server protocol

    *Shown when 'New Message Server' is checked

    Select the appropriate protocol
    Enable credential?

    *Shown when 'New Message Server' is checked

    Select whether credentials are enabled on the message server
    Create credential?

    Uncheck the checkbox to choose from existing Message Server credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Enable credential' is checked and 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials for the Message Server

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    Username's password

    Enable STARTTLS?

    *Shown when 'New Message Server' is checked and 'Message Type' is Email

    Select whether or not to enable STARTTLS

    Network timeout Defaulted to 6000
    Email Group configuration
    New Email Group?

    Check the checkbox to create a new email group

    Email Group configuration label

    *Please keep as auto-generated label

    To addresses

    *Please keep auto-generated value

    Enter all additional email addresses to send the notifications to

    Can be templated: SovLabs Template Engine

    CC addresses

    Enter all the email addresses to CC the notifications to

    Can be templated: SovLabs Template Engine

    BCC addresses

    Enter all the email addresses to BCC the notifications to

    Can be templated: SovLabs Template Engine

    Only add 1 Notification Configuration for Cohesity

    No further action is necessary to set up SovLabs Notifications for Cohesity Backup as a Service module. The Notification Configuration for Cohesity may be updated any time

  5. Do not add a Notification Group. A notification group for Cohesity Notification Configuration gets auto-generated. The Cohesity Notification Group is not visible in vRA and gets deleted when the Notification Configuration for Cohesity is deleted

Usage

Apply to vRA blueprint(s)

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for Cohesity Backup as a Service:

      Starts with SovLabs-Cohesity-

      Do not attach more than 1 Cohesity Backup as a Service property group to a vRA blueprint

  4. Repeat Step 3 for all desired blueprints
  5. Provision

End-user Usage

Provide a guide on how to perform Day 2 operations to end-users

Download User Guide

Enable End-user to Select a Protection Job at Request Time

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for Cohesity Backup as a Service:

      SovLabs-CohesityChooseProtectionJob

  4. Repeat Step 3 for all desired blueprints
  5. Provision

Enable End-user to Recover Files and Folders

Allow the end-user to see the Recover Files and Folders (Cohesity) action on a VM:
  1. Add the action to the entitlement
    • Search text to type in the Name field is: Cohesity
    • Action to add is: Recover Files and Folders (Cohesity)

Enable End-user to Change Protection Job

Allow the end-user to see the Change Protection Job (Cohesity) action on a VM:
  1. Add the action to the entitlement
    • Search text to type in the Name field is: Cohesity
    • Action to add is: Change Protection Type (Cohesity)

Disable

Remove from vRA blueprint(s)

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Click the desired blueprint name to edit
  4. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for Cohesity Backup up as a Service:

      Starts with SovLabs-Cohesity-

  5. Repeat Step 3 for all desired blueprints

End-userSelect a Protection Job at Request Time

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Click the desired blueprint name to edit
  4. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for Cohesity Backup up as a Service: SovLabs-ChooseCohesityProtectionJob

  5. Repeat Step 3 for all desired blueprints

End-userFile and Folder Recovery

Once the process to restore a VM's files and folders has started, it cannot be stopped

Prevent the end-user from seeing the Recover Files and Folders (Cohesity) action on a VM:
  1. Remove the action from the entitlement
    • Action to remove is: Recover Files and Folders (Cohesity)

End-userChange Protection Job

Once the process to change a VM's Cohesity Protection Job has started, it cannot be stopped

Prevent the end-user from seeing the Change Protection Job (Cohesity) action on a VM:
  1. Remove the action from the entitlement
    • Action to remove is: Change Protection Job (Cohesity)

Advanced Module - Network Load Balancing

View features and compatibility

Quick Start Process

  1. Define F5 BIG-IP Endpoint(s)
  2. Drag, drop and modify the F5 Virtual component and link it to dependent machine component in the blueprint canvas
  3. Provision!

Prerequisites

  1. A user account configured in F5 BIG-IP® that has Administrator role/access:
    • Add/Remove F5 BIG-IP Virtual Servers
    • Add/Remove F5 BIG-IP Pools
    • Add/Remove F5 BIG-IP Nodes and Pool node members
    • Optional: Add F5 BIG-IP Virtual Server iRules, Add F5 BIG-IP Server/Client SSL Profiles, Add F5 BIG-IP Pool Health Monitors
  2. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add F5 Endpoint
    2. F5 Virtual
    3. Manage Restipe Configurations

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add F5 Endpoint
    Add F5 Endpoint
    F5 Endpoint

    A F5 BIG-IP Endpoint is the F5 instance where F5 BIG-IP VIPs can be created/removed via the F5 BIG-IP API

    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Hostname F5 BIG-IP hostname (FQDN or IP address)
    HTTPS? Choose whether or not the F5 BIG-IP is HTTPS
    Port F5 BIG-IP port number
    Credential Configuration for F5 Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing F5 Endpoint credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (no domain)

    Password

    *Shown when 'Create credential' is checked

    User's password

  3. On the Catalog page, click on the Request button for Manage Restipe Configuration
    Manage RESTipe™ Configuration
    Manage Restipe Configuration

    SovLabs RESTipe™, an “infrastructure as code” approach for defining the steps used to create, reuse, remove and scale F5 BIG-IP structures, such as VIPs, Pools, and Nodes/Members.

    The SovLabs F5 module comes packaged with a functional RESTipe with the most common steps and structures. The SovLabs RESTipe is a single JSON or YAML formatted script, based on the SovLabs Template Engine. For even more flexibility, use the SovLabs RESTipe™ Guide to create custom RESTipe. No need for custom vRO workflows to integrate custom vRA properties or interact with other REST-based endpoints.

    FieldValue
    Action Select whether to Create, Update or Delete
    Filter by type

    *Shown when Action is 'Update' or 'Delete'

    Select the type to filter SovLabs RESTipe by
    RESTipe Drop-down menu

    *Shown when Action is 'Update' or 'Delete'

    Select the RESTipe to update or delete from the drop-down menu
    Type Select the type of SovLabs RESTipe
    Configuration label

    *Shown when Action is 'Create'

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Upon licensing SovLabs F5 module, a default SovLabs RESTipe has been added: F5Config-internal

    RESTipe

    Textarea

    JSON or YAML format

    SovLabs RESTipe Guide

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Create a new blueprint or select an existing blueprint name and click Edit
    1. Under Categories (on left pane), click on Other Components
    2. Drag and drop Create F5 VIP - SovLabs Modules onto the Design Canvas
    3. Tie the Create F5 VIP canvas item to the vSphere Machine canvas item by dragging the arrow FROM Create F5 VIP TO the vSphere Machine View screenshot
    4. Click on the Create_F5_VIP.. canvas item and a window pane will appear on the bottom
    5. Modify fields as desired by setting the default values for fields and other advanced settings and clicking on Apply for each field
      By setting default fields or having advanced settings on the fields, what a requester sees and can select is controlled upon request time of the vRA blueprint
    6. To add additional node level settings during request time:
      1. Click on the blueprint vSphere machine on the Design Canvas
      2. Click on the Properties tab and click the + Add button
      3. In the Property Groups section:
        1. Check the SovLabs-F5NodeConfigurations property group
      4. Click OK
    7. Once the blueprint is set up as desired, click on Finish
    8. If the blueprint saved above is a new blueprint:
      1. Select the blueprint from the list in Design > Blueprints
      2. Click on Publish
      3. Click on Administrators tab > Catalog Management > Catalog items
      4. Find and select the newly created blueprint from the list and click Configure
      5. Find the Service field and select the appropriate Service for the blueprint from the drop-down list
      6. Click OK
  4. If the Create F5 VIP – SovLabs Modules XaaS blueprint needs to be modified:
    1. Click on Design tab > XaaS > XaaS Blueprints
    2. Find and select Create F5 VIP – SovLabs Modules and click Copy
    3. Select Create F5 VIP – SovLabs Modules (2) that was newly created and click Edit
    4. Rename the XaaS blueprint as desired in the Name field (in General tab)
    5. Select the Blueprint form tab and modify the XaaS blueprint and click Finish
    6. Select the XaaS blueprint from the list and click Publish
      1. Click on Administrators tab > Catalog Management > Catalog Items
      2. Find and select the newly created XaaS blueprint from the list and click Configure
      3. Find the Service field. Select the appropriate Service for the blueprint from the drop-down list and click OK
    7. Modify or create a SovLabs RESTipe to include the new field(s)
    8. Repeat Step 3 under Usage for vRA Administrators/Architects

End-user Usage

Create a VIP and/or Pool and have provisioned VMs added in as node members

  1. Login to the vRA tenant
  2. Click on the Catalog tab
  3. Request the F5 BIG-IP enabled blueprint

Add a new node member to an existing vRA Deployment

  1. Login to the vRA tenant
  2. Click on the Items tab
  3. Click on the Deployments menu option from the left menu
  4. Click on the desired deployment and click Scale Out

Remove a node member from an existing vRA Deployment

  1. Login to the vRA tenant
  2. Click on the Items tab
  3. Click on the Deployments menu option from the left menu
  4. Click on the desired deployment and click Scale In

Destroying a deployment

  1. Login to the vRA tenant
  2. Click on the Items tab
  3. Click on the Deployments menu option from the left menu
  4. Click on the desired deployment and click Destroy

Destroying a deployment will remove all node members from the Pool. If the Pool has no members, the Pool will be removed. If the VIP has no Pool and no node members, the VIP will be removed.

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Click the desired blueprint name to edit
  4. Delete the F5 Virtual composite from the blueprint
  5. Optionally, remove the SovLabs-F5NodeConfigurations vRA Property Group from the vSphere Machine composite
  6. Repeat Steps 1-4 for all desired blueprints

Advanced Module - Configuration Management

View features and compatibility

Quick Start Process

  1. Define Puppet Master(s)
  2. Define Puppet Agent(s)
  3. Apply to existing blueprint(s)
  4. Provision!

Prerequisites

  1. Create Puppet Certificate and Update Puppet Console configuration

    Create the certificate on the Puppet CA that will be used for communication with the Puppet Console API and the Puppet CA API. This is the certificate that will be configured in your Puppet Master module for certificate credential from the CMP to the Puppet console. In order for the Puppet console API to accept the certificate, the configurations below need to be made.


    Perform the following for each Puppet CA utilized

    *In the following instructions, replace CERTNAME with the name to identify the automation account with, we recommend vrosvc

    1. Login to the Puppet CA
    2. Type in su -
    3. Create a certificate key and replace CERTNAME accordingly:
      puppet cert generate CERTNAME
    4. Modify the certificate_authority.pp:
      1. Type in
        vi /opt/puppetlabs/puppet/modules/puppet_enterprise/manifests/profile/certificate_authority.pp
      2. Find the following in the file and replace CERTNAME accordingly. If the following section does not already exist, copy and paste into the header of the file:
        class puppet_enterprise::profile::certificate_authority (
                                 Array[String] $client_whitelist = [ CERTNAME ]
                                )
      3. Save the file: Hit the esc key and then type in :wq!
    5. Modify auth.conf:
      1. Type the following:
        vi /etc/puppetlabs/puppetserver/conf.d/auth.conf
      2. Find and replace CERTNAME in the file accordingly. If the following section does not already exist, copy and paste into the header of the file:
        {
                                   "allow" : [
                                    "pe-internal-dashboard",
                                    CERTNAME
                                   ],
                                   "match-request" : {
                                    "method" : [
                                     "get",
                                     "put",
                                     "delete"
                                    ],
                                    "path" : "/puppet-ca/v1/certificate_status",
                                    "query-params" : {},
                                    "type" : "path"
                                   },
                                   "name" : "puppetlabs certificate status",
                                   "sort-order" : 500
                                  }
      3. Save the file: Hit the esc key and then type in :wq!
    6. Modify the rbac-certificate-whitelist:
      1. Type the following:
        vi /etc/puppetlabs/console-services/rbac-certificate-whitelist
      2. Add the CERTNAME to the end of the file, where CERTNAME is the name identified in Step 3 (e.g.vrosvc) to the end of the file
      3. Save the file: Hit the esc key and then type in :wq!
    7. Restart necessary services
      sudo service pe-console-services restart
  2. Setup or have a user for the Puppet Master, Puppet CA and Puppet database with either of the following:
    • root with SSH keys
    • root with password
    • Service account with sudo permissions
  3. Collect the appropriate keys from the Puppet Master:
    TypeLocation
    CA Certificate
    /etc/puppetlabs/puppet/ssl/ca/ca_crt
    Service Account Certificate
    /etc/puppetlabs/puppet/ssl/certs/CERTNAME
    Service Account Private Key
    /etc/puppetlabs/puppet/ssl/private_keys/CERTNAME

    *Replace CERTNAME accordingly (e.g.vrosvc)

  4. If any Puppet Agents are Windows OS:
  5. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Puppet Master Configuration
    2. Add Puppet Agent Configuration
    3. Add SovLabs vCenter Endpoint

Setup

  1. Login to the vRA tenant
  2. Perform this step only if using VMware Tools to connect a Puppet server (e.g Puppet Master, Console, Compile Master(s), Database, Hiera)
    • On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
      Add vCenter Endpoint
      SovLabs vCenter Endpoint
      FieldValue
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Version Choose the appropriate vCenter version
      Platform Service Controller (FQDN)

      *Shown when 'Version' is 6+

      Type in the PSC FQDN
      Is the PSC embedded on the vCenter server?

      *Shown when 'Version' is 6+

      vCenter hostname (FQDN)

      *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x

      Type in the vCenter server FQDN
      Credential Configuration for vCenter Endpoint
      Create credential?

      Uncheck the checkbox to choose from existing vCenter Endpoint credentials

      Check the checkbox to create a new credential

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Username

      *Shown when 'Create credential' is checked

      Username (user@example.com)

      Password

      *Shown when 'Create credential' is checked

      User's password

  3. Determine if the Puppet Master server (and if defined separately, the Console/Database/Compile Masters/Hiera servers) will be using the same credentials to log in. If so, perform this step:

    On the Catalog page, click on the Request button for Manage Credential Configuration

    • Action: Create
    • Type: Puppet
    • Subtype: Only the Hiera server (if defined separately) can be Windows
    • Connection method: Select the desired connection method
    Manage Credentials
  4. On the Catalog page, click on the Request button for Add Puppet Master Configuration
    Add Puppet Master Configuration
    Puppet Master Configuration

    A Puppet Master Configuration is a target Puppet Master

    General
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Puppet Master version Select the Puppet Master version
    Puppet Master Connection Configuration
    Puppet Master OS family Currently, only allows for unix
    Puppet pe-puppetserver port Port pe-puppetserver listens on, defaults to 8140
    Puppet Master connection method Select the connection method to connect to the Puppet Master server
    Puppet Master hostname Hostname of Puppet Master server (FQDN)
    Puppet Master vCenter Endpoint

    *Shown when 'Puppet Master connection method' is vmware-tools

    Select an existing SovLabs vCenter Endpoint where the Puppet Master VM resides in (Step 2)

    Puppet Master VM name as it appears in vCenter

    *Shown when 'Puppet Master connection method' is vmware-tools

    Type in the VM name of the Puppet Master server as it appears in vCenter

    Directory for temporary Puppet Master scripts Directory to put temporary scripts on the Puppet Master
    Create credential?

    Uncheck the checkbox to choose from existing Puppet credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    SSH Key used?

    *Shown when 'Create credential' is checked and 'Connection method' is SSH

    Check whether or not an SSH key is used

    Username

    *Shown when 'Create credential' is checked

    Username for Puppet Master server

    Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

    User's password

    SSH Key

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key

    SSH Key Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key password, if any

    Console Configuration
    Console OS family Currently, only allows for unix
    Console port Port the Puppet Console listens on, defaults to 4433
    Console connection method Select the connection method to connect to the Puppet Console server
    Console hostname Puppet Console server in FQDN format
    Console vCenter Endpoint

    *Shown when 'Console connection method' is vmware-tools

    Select an existing SovLabs vCenter Endpoint where the Console VM resides in (Step 2)

    Console VM name as it appears in vCenter

    *Shown when 'Console connection method' is vmware-tools

    Type in the VM name of the Puppet Console server as it appears in vCenter

    Directory for temporary Console scripts Directory to put temporary scripts on the Console
    Console create credential?

    Uncheck the checkbox to choose from existing Puppet credentials

    Check the checkbox to create a new credential

    Console credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Console credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Console SSH Key used?

    *Shown when 'Create credential' is checked and 'Connection method' is SSH

    Check whether or not an SSH key is used

    Console Username

    *Shown when 'Create credential' is checked

    Username for Puppet Console server

    Console Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

    User's password

    Console SSH Key

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key

    Console SSH Key Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key password, if any

    Compile Masters
    Use separate Compile Masters? Check the checkbox to define Compile Masters
    Compile Masters OS family

    *Shown when 'Use separate Compile Masters' is checked

    Currently, only allows for unix
    Compile Masters connection method

    *Shown when 'Use separate Compile Masters' is checked

    Select the connection method to connect to the Compile Masters
    Compile Masters hostnames

    *Shown when 'Use separate Compile Masters' is checked and 'Compile Masters connection method' is SSH

    Enter the Compile Master(s) in FQDN format
    Compile Masters vCenter Endpoint

    *Shown when 'Use separate Compile Masters' is checked and 'Compile Masters connection method' is vmware-tools

    Select an existing SovLabs vCenter Endpoint where the Compile Master VMs reside in (Step 2)

    Compile Masters VM names as they appear in vCenter

    *Shown when 'Use separate Compile Masters' is checked and 'Compile Masters connection method' is vmware-tools

    Type in the VM names of the Puppet Compile Master servers as they appear in vCenter

    Directory for temporary Compile Masters scripts

    *Shown when 'Use separate Compile Masters' is checked

    Directory to put temporary scripts on the Compile Masters
    Compile Masters create credential?

    Uncheck the checkbox to choose from existing Puppet credentials

    Check the checkbox to create a new credential

    Compile Masters Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Compile Masters credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Compile Masters SSH Key used?

    *Shown when 'Create credential' is checked and 'Connection method' is SSH

    Check whether or not an SSH key is used

    Compile Masters Username

    *Shown when 'Create credential' is checked

    Username for Compile Masters

    Compile Masters Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

    User's password

    Compile Masters SSH Key

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key

    Compile Masters SSH Key Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key password, if any

    Database Configuration
    Use separate database? Check the checkbox to define database
    Database OS family

    *Shown when 'Use separate database' is checked

    Currently, only allows for unix
    Database connection method

    *Shown when 'Use separate database' is checked

    Select the connection method to connect to the Puppet Database server
    Database hostname

    *Shown when 'Use separate database' is checked and 'Database connection method' is SSH

    Database hostname in FQDN format
    Database vCenter Endpoint

    *Shown when 'Database connection method' is vmware-tools

    Select an existing SovLabs vCenter Endpoint where the Puppet Database VM resides in (Step 2)

    Database VM name as it appears in vCenter

    *Shown when 'Database connection method' is vmware-tools

    Type in the VM name of the Puppet Database server as it appears in vCenter

    Directory for temporary Database scripts

    *Shown when 'Use separate database' is checked

    Directory to put temporary scripts on the database
    Database create credential?

    Uncheck the checkbox to choose from existing Puppet credentials

    Check the checkbox to create a new credential

    Database credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Database credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Database SSH Key used?

    *Shown when 'Create credential' is checked and 'Connection method' is SSH

    Check whether or not an SSH key is used

    Database Username

    *Shown when 'Create credential' is checked

    Username for Puppet Database server

    Database Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

    User's password

    Database SSH Key

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key

    Database SSH Key Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key password, if any

    Group Configuration
    Parent Group Any existing group in the Puppet console that will be the parent for all newly created node groups to be created under

    Can be templated: SovLabs Template Engine

    Parent Group Environment The parent group environment

    Can be templated: SovLabs Template Engine

    Group name template Template for the group name

    Can be templated: SovLabs Template Engine

    Certificate PEM files
    API Certificate

    Puppet API Certificate PEM file

    *Normally found on the Puppet Master and is the Service Account Certificate (Prerequisites Step 3): /etc/puppetlabs/puppet/ssl/certs/CERTNAME

    API RSA Private Key

    Puppet API RSA Private Key PEM file

    *Normally found on the Puppet Master and is the Service Account Private Key (Prerequisites Step 3): /etc/puppetlabs/puppet/ssl/private_keys/CERTNAME

    API CA Certificate

    CA Certification

    *Normally found on the Puppet Master and is the CA Certificate (Prerequisites Step 3): /etc/puppetlabs/puppet/ssl/ca/ca_crt

    Certificate Authority
    Is auto-sign enabled in Puppet? Is autosign enabled in Puppet? If checked yes, skips signing the certificate
    Certificate Authority hostname Puppet Certificate Authority Hostname (FQDN)
    Certificate Authority port Port the Puppet Certificate Authority listens on, defaults to 8140
    Hiera Configuration
    Create hiera node data? Check the checkbox to create hiera node data
    Hiera on Puppet Master server? Uncheck the checkbox only if the hiera server is on a different server from the Puppet Master
    Hiera OS Family

    *Shown when 'Hiera on Puppet Master server?' is unchecked

    Select Hiera OS type
    Hiera connection method

    *Shown when 'Hiera on Puppet Master server?' is unchecked

    Select the connection method
    Hiera hostname

    *Shown when 'Hiera on Puppet Master server?' is unchecked and 'Hiera connection method' is SSH

    Hiera hostname (FQDN)
    Hiera vCenter Endpoint

    *Shown when 'Hiera connection method' is vmware-tools

    Select an existing SovLabs vCenter Endpoint where the Hiera VM resides in (Step 2)

    Hiera VM name as it appears in vCenter

    *Shown when 'Hiera connection method' is vmware-tools

    Type in the VM name of the Hiera server as it appears in vCenter

    Directory for temporary Hiera scripts

    *Shown when 'Hiera on Puppet Master server?' is unchecked

    Directory to put temporary scripts on the Hiera server
    Hiera create credential?

    Uncheck the checkbox to choose from existing Puppet credentials

    Check the checkbox to create a new credential

    Hiera credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Hiera credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Hiera SSH Key used?

    *Shown when 'Create credential' is checked and 'Connection method' is SSH

    Check whether or not an SSH key is used

    Hiera Username

    *Shown when 'Create credential' is checked

    Username for Hiera server

    Hiera Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

    User's password

    Hiera SSH Key

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key

    Hiera SSH Key Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key password, if any

    Hiera Node Data configuration

    *Shown when 'Create Hiera node data?' is checked

    Hiera node data format

    *Shown when 'Create Hiera node data?' is checked

    Hiera node data format
    Hiera node data filename

    *Shown when 'Create Hiera node data?' is checked

    Filename for hiera node data

    Can be templated: SovLabs Template Engine

    Hiera node data template

    *Shown when 'Create Hiera node data?' is checked

    Hiera data template

    Can be templated: SovLabs Template Engine

    Hiera eyaml Public Key

    *Shown when 'Hiera node data format' is eyaml

    Hiera eyaml public key

    *Entire section is only shown when 'Create hiera node data' is checked

    Hiera Pre-Create Script
    Hiera pre-create script Script to execute prior to creating the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera pre-create script arguments Script arguments, if any
    Hiera pre-create script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera pre-create script

    *Shown when 'Use separate Compile Masters' is checked

    Script to execute prior to creating the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera pre-create script arguments

    *Shown when 'Use separate Compile Masters' is checked

    Script arguments, if any
    Compile Masters Hiera pre-create script interpreter

    *Shown when 'Use separate Compile Masters' is checked

    Script interpreter, e.g. /bin/bash
    Hiera Post-Create Script
    Hiera post-create script Script to execute after creating the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera post-create script arguments Script arguments, if any
    Hiera post-create script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera post-create script

    *Shown when 'Use separate Compile Masters' is checked

    Script to execute after creating the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera post-create script arguments

    *Shown when 'Use separate Compile Masters' is checked

    Script arguments, if any
    Compile Masters Hiera post-create script interpreter

    *Shown when 'Use separate Compile Masters' is checked

    Script interpreter, e.g. /bin/bash
    Hiera Pre-Delete Script
    Hiera pre-delete script Script to execute prior to deleting the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera pre-delete script arguments Script arguments, if any
    Hiera pre-delete script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera pre-delete script

    *Shown when 'Use separate Compile Masters' is checked

    Script to execute prior to deleting the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera pre-delete script arguments

    *Shown when 'Use separate Compile Masters' is checked

    Script arguments, if any
    Compile Masters Hiera pre-delete script interpreter

    *Shown when 'Use separate Compile Masters' is checked

    Script interpreter, e.g. /bin/bash
    Hiera Post-Delete Script
    Hiera post-delete script Script to execute after deleting the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera post-delete script arguments Script arguments, if any
    Hiera post-delete script interpreter Script interpreter, e.g. /bin/bash
    Compile MastersHiera post-delete script

    *Shown when 'Use separate Compile Masters' is checked

    Script to execute after deleting the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile MastersHiera post-delete script arguments

    *Shown when 'Use separate Compile Masters' is checked

    Script arguments, if any
    Compile Masters Hiera post-delete script interpreter

    *Shown when 'Use separate Compile Masters' is checked

    Script interpreter, e.g. /bin/bash
    Purge node script Script purge the node

    Can be templated: SovLabs Template Engine

    Purge node script arguments Script arguments, if any
    Purge node script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters

    *Shown when 'Use separate Compile Masters' is checked

    Compile Masters Purge node script Script purge the node

    Can be templated: SovLabs Template Engine

    Compile Masters Purge node script arguments Script arguments, if any
    Compile Masters Purge node script interpreter Script interpreter, e.g. /bin/bash
    Console
    Purge node console script Script purge the node

    Can be templated: SovLabs Template Engine

    Purge node console script arguments Script arguments, if any
    Purge node console script interpreter Script interpreter, e.g. /bin/bash
    Database

    *Shown when 'Use separate database' is checked

    Purge node database script Script purge the node

    Can be templated: SovLabs Template Engine

    Purge node database script arguments Script arguments, if any
    Purge node database script interpreter Script interpreter, e.g. /bin/bash
  5. On the Catalog page, click on the Request button for Add Puppet Agent Configuration
    Add Puppet Agent Configuration
    Puppet Agent Configuration

    A Puppet Agent configuration defines the Puppet Agent settings

    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Puppet version Select the Puppet Agent version
    Puppet environment Provisioned node environment

    Can be templated to be derived from vRA custom property on the blueprint: SovLabs Template Engine

    OS Family for provisioned nodes unix or windows
    Directory for temporary scripts Directory to put temporary scripts on the provisioned node
    Connection Info
    Connection type Select the desired connection type to the provisioned node
    vCenter Endpoint

    *Shown when 'Connection type' is vmware-tools

    Select the vCenter Endpoint

    Credential Configuration for Provisioned Node
    Create credential?

    Uncheck the checkbox to choose from existing Provisioned Node credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    SSH Key used?

    *Shown when 'Create credential' is checked and 'Connection type' is SSH based

    Check whether or not an SSH key is used

    Username

    *Shown when 'Create credential' is checked

    Username for the provisioned node

    Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

    User's password

    SSH Key

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key

    SSH Key Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key password, if any

    puppet.conf configuration
    puppet.conf file content Contents of puppet.conf file - if left blank, the puppet.conf will not be updated on the provisioned node

    Can be templated: SovLabs Template Engine

    puppet.conf filename

    Can be templated: SovLabs Template Engine

    Facter Files
    Facter facts template Template of the facter facts

    Warning: Facter facts file contents does not support encryption

    Can be templated: SovLabs Template Engine

    Facter facts format Format for the Facter facts file
    Facter facts filename

    Can be templated: SovLabs Template Engine

    Filename (with path) for Facter facts
    Classes
    Classes Add existing classes in Puppet Console for provisioned node to join

    Can be templated: SovLabs Template Engine

    • Single class example with no parameters:
      { "sudo":{} }
    • Single class example with 2 parameters:
      {
                                             "sudo": {"param1": "val1", "param2": "val2"}
                                            }
    • Multi-class example with no parameters:
      { 
                                             "sudo" : {},
                                             "apache": {} 
                                            }
    • Multi-class example with 2 parameters:
      { 
                                             { "sudo": {"param1": "val1", "param2": "val2"}}, 
                                             { "apache": {"param1": "val1", "param2": "val2"}} 
                                            }
    Custom group name When classes are defined, creates a custom group with this specified name

    Can be templated: SovLabs Template Engine

    Groups
    Groups Add existing groups in Puppet Console for provisioned node to join

    Can be templated: SovLabs Template Engine

    Installer File(s)
    Source Installer file Define source installer file (for Windows Puppet Agent)
    Destination Installer file Define destination installer file (for Windows Puppet Agent)
    Install Puppet on a Node Script
    Install script Script to install Puppet on a node - if left blank, expects Puppet to already be installed

    Can be templated: SovLabs Template Engine

    Install script arguments Script arguments, if any

    Can be templated: SovLabs Template Engine

    Install script interpreter

    Script interpreter, e.g. /bin/bash

    *For Windows, only powershell and bat are valid interpreters

    Max retry attempt to Run Puppet Maximum number of attempts to retry Run Puppet
    Ignore final Run Puppet errors? If true, any errors found on the final Puppet run will be ignored and install will be allowed to continue - useful in initial development of new Puppet content
    Run Puppet Script
    Run Puppet script Script to execute after creating the hiera node data

    Can be templated: SovLabs Template Engine

    Run Puppet script arguments Script arguments, if any

    Can be templated: SovLabs Template Engine

    Run Puppet script interpreter

    Script interpreter, e.g. /bin/bash

    *For Windows, only powershell and bat are valid interpreters

    Run Puppet Script Validation
    Run Puppet script success exit codes Success exit codes.

    *List multiple exit codes comma separated

    Run Puppet script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Run Puppet Script Validation prior to Certificate being Signed
    Pre-certificate success exit codes Success exit codes.

    *List multiple exit codes comma separated

    Pre-certificate success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Final Run Puppet Script Validation
    Final Puppet Run script success exit codes Success exit codes.

    *List multiple exit codes comma separated

    Final Puppet Run script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Post Script Script to execute after the final Puppet Run

    Can be templated: SovLabs Template Engine

    Post script arguments Script arguments, if any
    Post script interpreter

    Script interpreter, e.g. /bin/bash

    *For Windows, only powershell and bat are valid interpreters

    Post Script Validation
    Post script success exit codes Success exit codes.

    *List multiple exit codes comma separated

    Post script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Pre-Puppet Remove script Script to run prior to removing Puppet from node

    Can be templated: SovLabs Template Engine

    Pre-Puppet Remove script arguments Script arguments, if any
    Pre-Puppet Remove script interpreter

    Script interpreter, e.g. /bin/bash

    *For Windows, only powershell and bat are valid interpreters

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the two vRA property groups for Puppet Enterprise:

      1. Starts with SovLabs-PuppetMaster-
      2. Starts with SovLabs-PuppetAgent-

      Do not attach more than 1 pair of Puppet Enterprise vRA property groups to a vRA blueprint

  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the two vRA property groups for Puppet Enterprise:
      1. Starts with SovLabs-PuppetMaster-
      2. Starts with SovLabs-PuppetAgent-
  4. Repeat Step 3 for all desired blueprints

Advanced Module - Configuration Management

View features and compatibility

Quick Start Process

  1. Define Foreman Master(s)
  2. Define Foreman Agent(s)
  3. Apply to existing blueprint(s)
  4. Provision!

Prerequisites

  1. Create Puppet Certificate and Update Puppet Console configuration

    Create the certificate on the Puppet CA that will be used for communication with the Foreman API and the Puppet CA API.

    Perform the following for each Puppet CA utilized

    *In the following instructions, replace CERTNAME with the name to identify the automation account with, we recommend vrosvc

    1. Login to the Puppet CA
    2. Type in su -
    3. Create a certificate key: puppet cert generate CERTNAME
    4. Modify auth.conf:
      1. Type in
        vi /etc/puppet/auth.conf
      2. If the following section does not exist, copy and paste the following section into the auth.conf file, and replace CERTNAME with the certificate name you created in Step 1 (without the .pem extension). This is case-sensitive. If the section does exist, add your certificate to the allow list:
        path  /certificate_status
                                    method find, save, search
                                    auth yes
                                    allow CERTNAME
                                  
      3. Save the file: Hit the esc key and then type in :wq!
    5. Restart necessary services by typing in: service puppet restart
  2. Setup or have a user for the Puppet Master, Puppet CA and Puppet database:
    • root with SSH keys
    • root with password
    • Service account with sudo permissions
  3. Collect the appropriate keys from the Puppet Master:
    TypeLocation
    CA Certificate
    /var/lib/puppet/ssl/ca/ca_crt.pem
    Service Account Certificate
    /var/lib/puppet/ssl/certs/CERTNAME.pem
    Service Account Private Key
    /var/lib/puppet/ssl/private_keys/CERTNAME.pem

    *Replace CERTNAME accordingly (e.g.vrosvc)

  4. If any Puppet Agents are Windows OS:
  5. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Foreman Master Configuration
    2. Add Foreman Agent Configuration
    3. Add SovLabs vCenter Endpoint

Setup

  1. Login to the vRA tenant
  2. Perform this step only if using VMware Tools to connect a Puppet server (e.g Puppet Master, Console, Hiera, etc)
    • On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
      Add vCenter Endpoint
      SovLabs vCenter Endpoint
      FieldValue
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Version Choose the appropriate vCenter version
      Platform Service Controller (FQDN)

      *Shown when 'Version' is 6+

      Type in the PSC FQDN
      Is the PSC embedded on the vCenter server?

      *Shown when 'Version' is 6+

      vCenter hostname (FQDN)

      *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x

      Type in the vCenter server FQDN
      Credential Configuration for vCenter Endpoint
      Create credential?

      Uncheck the checkbox to choose from existing vCenter Endpoint credentials

      Check the checkbox to create a new credential

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Username

      *Shown when 'Create credential' is checked

      Username (user@example.com)

      Password

      *Shown when 'Create credential' is checked

      User's password

  3. Determine if the Puppet Master server (and if defined separately, the Console/Database/Compile Masters/Hiera servers) will be using the same credentials to log in. If so, perform this step:

    On the Catalog page, click on the Request button for Manage Credential Configuration

    • Action: Create
    • Type: Puppet
    • Subtype: Only the Hiera server (if defined separately) can be Windows
    • Connection method: Select the desired connection method
    Manage Credentials
  4. On the Catalog page, click on the Request button for Add Foreman Master Configuration
    Add Foreman Master Configuration
    Foreman Master Configuration

    A Foreman Master Configuration is a target Foreman Master

    General
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Puppet Open Source with Foreman version Select the Puppet Open Source with Foreman version
    Foreman Configuration
    Use Foreman classifier? Check the checkbox to define a separate Foreman server (if not on the Puppet Master)
    Foreman Hostname Foreman hostname in FQDN formaat
    Foreman Port Port for Foreman, defaults to 443
    Create credential?

    Uncheck the checkbox to choose from existing Puppet credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username for Foreman server

    Password

    *Shown when 'Create credential' is checked

    User's password

    Puppet Master connection configuration
    Puppet Master OS family Currently, only allows for unix
    Puppet pe-puppetserver port Port pe-puppetserver listens on, defaults to 8140
    Puppet Master connection method Select the connection method to connect to the Puppet Master server
    Puppet Master hostname Hostname of Puppet Master server (FQDN)
    Puppet Master vCenter Endpoint

    *Shown when 'Puppet Master connection method' is vmware-tools

    Select an existing SovLabs vCenter Endpoint where the Puppet Master VM resides in (Step 2)

    Puppet Master VM name as it appears in vCenter

    *Shown when 'Puppet Master connection method' is vmware-tools

    Type in the VM name of the Puppet Master server as it appears in vCenter

    Directory for temporary Puppet Master scripts Directory to put temporary scripts on the Puppet Master
    Create credential?

    Uncheck the checkbox to choose from existing Puppet credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    SSH Key used?

    *Shown when 'Create credential' is checked and 'Connection method' is SSH

    Check whether or not an SSH key is used

    Username

    *Shown when 'Create credential' is checked

    Username for Puppet Master server

    Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

    User's password

    SSH Key

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key

    SSH Key Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key password, if any

    Compile Masters
    Compile Master defined? Check the checkbox to define Compile Masters
    Compile Masters OS family

    *Shown when 'Compile Master defined' is checked

    Currently, only allows for unix
    Compile Masters connection method

    *Shown when 'Compile Master defined' is checked

    Select the connection method to connect to the Compile Masters
    Compile Masters hostnames

    *Shown when 'Compile Master defined' is checked and 'Compile Masters connection method' is SSH

    Enter the Compile Master(s) in FQDN format
    Compile Masters vCenter Endpoint

    *Shown when 'Compile Master defined' is checked and 'Compile Masters connection method' is vmware-tools

    Select an existing SovLabs vCenter Endpoint where the Compile Master VMs reside in (Step 2)

    Compile Masters VM names as they appear in vCenter

    *Shown when 'Compile Master defined' is checked and 'Compile Masters connection method' is vmware-tools

    Type in the VM names of the Puppet Compile Master servers as they appear in vCenter

    Directory for temporary Compile Masters scripts

    *Shown when 'Compile Master defined' is checked

    Directory to put temporary scripts on the Compile Masters
    Compile Masters create credential?

    Uncheck the checkbox to choose from existing Puppet credentials

    Check the checkbox to create a new credential

    Compile Masters Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Compile Masters credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Compile Masters SSH Key used?

    *Shown when 'Create credential' is checked and 'Connection method' is SSH

    Check whether or not an SSH key is used

    Compile Masters Username

    *Shown when 'Create credential' is checked

    Username for Compile Masters

    Compile Masters Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

    User's password

    Compile Masters SSH Key

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key

    Compile Masters SSH Key Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key password, if any

    Database Configuration
    Database defined? Check the checkbox to define database
    Database OS family

    *Shown when 'Database defined' is checked

    Currently, only allows for unix
    Database connection method

    *Shown when 'Database defined' is checked

    Select the connection method to connect to the Puppet Database server
    Database hostname

    *Shown when 'Database defined' is checked and 'Database connection method' is SSH

    Database hostname in FQDN format
    Database vCenter Endpoint

    *Shown when 'Database connection method' is vmware-tools

    Select an existing SovLabs vCenter Endpoint where the Puppet Database VM resides in (Step 2)

    Database VM name as it appears in vCenter

    *Shown when 'Database connection method' is vmware-tools

    Type in the VM name of the Puppet Database server as it appears in vCenter

    Directory for temporary Database scripts

    *Shown when 'Database defined' is checked

    Directory to put temporary scripts on the database
    Database create credential?

    Uncheck the checkbox to choose from existing Puppet credentials

    Check the checkbox to create a new credential

    Database credential

    *Shown when 'Database defined' is unchecked

    Select the appropriate credential from an existing list of credentials

    Database credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Database SSH Key used?

    *Shown when 'Create credential' is checked and 'Connection method' is SSH

    Check whether or not an SSH key is used

    Database Username

    *Shown when 'Create credential' is checked

    Username for Puppet Database server

    Database Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

    User's password

    Database SSH Key

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key

    Database SSH Key Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key password, if any

    Certificate PEM files
    API Certificate

    Puppet API Certificate PEM file

    *Normally found on the Puppet Master and is the Service Account Certificate (Prerequisites Step 3): /var/lib/puppet/ssl/certs/CERTNAME.pem

    API RSA Private Key

    Puppet API RSA Private Key PEM file

    *Normally found on the Puppet Master and is the Service Account Private Key (Prerequisites Step 3): /var/lib/puppet/ssl/private_keys/CERTNAME.pem

    API CA Certificate

    CA Certification

    *Normally found on the Puppet Master and is the CA Certificate (Prerequisites Step 3): /var/lib/puppet/ssl/ca/ca_crt.pem

    Certificate Authority
    Is auto-sign enabled in Puppet? Is autosign enabled in Puppet? Check the checkbox to skip signing the certificate
    Certificate Authority hostname Puppet Certificate Authority Hostname (FQDN)
    Certificate Authority port Port the Puppet Certificate Authority listens on, defaults to 8140
    Hiera Configuration
    Create Hiera node data? Check the checkbox to create hiera node data
    Hiera on Puppet Master server? Uncheck the checkbox if the hiera server is on a different server from the Puppet Master
    Hiera OS family

    *Shown when Hiera on Puppet Master server is unchecked

    Hiera OS type
    Hiera connection method

    *Shown when Hiera on Puppet Master server is unchecked

    Select the connection method
    Hiera hostname

    *Shown when 'Hiera on Puppet Master server?' is unchecked and 'Hiera connection method' is SSH

    Hiera hostname (FQDN)
    Hiera vCenter Endpoint

    *Shown when 'Hiera connection method' is vmware-tools

    Select an existing SovLabs vCenter Endpoint where the Hiera VM resides in (Step 2)

    Hiera VM name as it appears in vCenter

    *Shown when 'Hiera connection method' is vmware-tools

    Type in the VM name of the Hiera server as it appears in vCenter

    Directory for temporary Hiera scripts

    *Shown when 'Hiera on Puppet Master server?' is unchecked

    Directory to put temporary scripts on the Hiera server
    Hiera create credential?

    Uncheck the checkbox to choose from existing Puppet credentials

    Check the checkbox to create a new credential

    Hiera credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Hiera credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Hiera SSH Key used?

    *Shown when 'Create credential' is checked and 'Connection method' is SSH

    Check whether or not an SSH key is used

    Hiera Username

    *Shown when 'Create credential' is checked

    Username for Hiera server

    Hiera Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

    User's password

    Hiera SSH Key

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key

    Hiera SSH Key Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key password, if any

    Hiera Node Data configuration

    *Shown when 'Create Hiera node data?' is checked

    Hiera node data format

    *Shown when 'Create Hiera node data?' is checked

    Hiera node data format
    Hiera node data filename

    *Shown when 'Create Hiera node data?' is checked

    Filename for hiera node data

    Can be templated: SovLabs Template Engine

    Hiera node data template

    *Shown when 'Create Hiera node data?' is checked

    Hiera data template

    Can be templated: SovLabs Template Engine

    Hiera eyaml Public Key

    *Shown when 'Hiera node data format' is eyaml

    Hiera eyaml public key

    *Entire section is only shown when Create Hiera Node Data is 'Yes'

    Hiera Pre-Create Script
    Hiera pre-create script Script to execute prior to creating the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera pre-create script arguments Script arguments, if any
    Hiera pre-create script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera pre-create script

    *Shown when Use separate Compile Masters is 'Yes'

    Script to execute prior to creating the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera pre-create script arguments

    *Shown when Use separate Compile Masters is 'Yes'

    Script arguments, if any
    Compile Masters Hiera pre-create script interpreter

    *Shown when Use separate Compile Masters is 'Yes'

    Script interpreter, e.g. /bin/bash
    Hiera Post-Create Script
    Hiera post-create script Script to execute after creating the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera post-create script arguments Script arguments, if any
    Hiera post-create script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera post-create script

    *Shown when Use separate Compile Masters is 'Yes'

    Script to execute after creating the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera post-create script arguments

    *Shown when Use separate Compile Masters is 'Yes'

    Script arguments, if any
    Compile Masters Hiera post-create script interpreter

    *Shown when Use separate Compile Masters is 'Yes'

    Script interpreter, e.g. /bin/bash
    Hiera Pre-Delete Script
    Hiera pre-delete script Script to execute prior to deleting the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera pre-delete script arguments Script arguments, if any
    Hiera pre-delete script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera pre-delete script

    *Shown when Use separate Compile Masters is 'Yes'

    Script to execute prior to deleting the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera pre-delete script arguments

    *Shown when Use separate Compile Masters is 'Yes'

    Script arguments, if any
    Compile Masters Hiera pre-delete script interpreter

    *Shown when Use separate Compile Masters is 'Yes'

    Script interpreter, e.g. /bin/bash
    Hiera Post-Delete Script
    Hiera post-delete script Script to execute after deleting the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera post-delete script arguments Script arguments, if any
    Hiera post-delete script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera post-delete script

    *Shown when Use separate Compile Masters is 'Yes'

    Script to execute after deleting the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera post-delete script arguments

    *Shown when Use separate Compile Masters is 'Yes'

    Script arguments, if any
    Compile Masters Hiera post-delete script interpreter

    *Shown when Use separate Compile Masters is 'Yes'

    Script interpreter, e.g. /bin/bash
    Purge Node Script Script purge the node

    Can be templated: SovLabs Template Engine

    Purge node script arguments Script arguments, if any
    Purge node script interpreter Script interpreter, e.g. /bin/bash
  5. On the Catalog page, click on the Request button for Add Foreman Agent Configuration
    Add Foreman Agent Configuration
    Foreman Agent Configuration

    A Foreman Agent configuration defines the Puppet Open Source with Foreman Agent settings

    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Puppet Open Source with Foreman version Select the Puppet Agent version
    Puppet environment Provisioned node environment

    Can be templated to be derived from vRA custom property on the blueprint: SovLabs Template Engine

    OS Family for provisioned nodes unix or windows
    Directory for temporary scripts Directory to put temporary scripts on the provisioned node
    Connection Info
    Connection type Select the desired connection type to the provisioned node
    vCenter Endpoint

    *Shown when 'Connection type' is vmware-tools

    Select the vCenter Endpoint

    Credential Configuration for Provisioned Node
    Create credential?

    Uncheck the checkbox to choose from existing Provisioned Node credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    SSH Key used?

    *Shown when 'Create credential' is checked and 'Connection type' is SSH based

    Check whether or not an SSH key is used

    Username

    *Shown when 'Create credential' is checked

    Username for the provisioned node

    Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

    User's password

    SSH Key

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key

    SSH Key Password

    *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

    SSH Key password, if any

    puppet.conf configuration
    puppet.conf file content Contents of puppet.conf file - if left blank, the puppet.conf will not be updated on the provisioned node

    Can be templated: SovLabs Template Engine

    puppet.conf filename

    Can be templated: SovLabs Template Engine

    Facter Files
    Facter facts template Template of the facter facts

    Warning: Facter facts file contents does not support encryption

    Can be templated: SovLabs Template Engine

    Facter facts format Format for the Facter facts file
    Facter facts filename

    Can be templated: SovLabs Template Engine

    Filename (with path) for Facter facts
    Classes
    Classes Add existing classes for provisioned node to join

    Can be templated: SovLabs Template Engine

    • Single class example with no parameters:
      { "sudo":{} }
    • Single class example with 2 parameters:
      {
                                             "sudo": {"param1": "val1", "param2": "val2"}
                                            }
    • Multi-class example with no parameters:
      { 
                                             "sudo" : {},
                                             "apache": {} 
                                            }
    • Multi-class example with 2 parameters:
      { 
                                             { "sudo": {"param1": "val1", "param2": "val2"}}, 
                                             { "apache": {"param1": "val1", "param2": "val2"}} 
                                            }
    Group
    Host Group Add existing host groups for provisioned node to join

    Can be templated: SovLabs Template Engine

    Installer File(s)
    Source Installer file Define source installer file (for Windows Puppet Agent)
    Destination Installer file Define destination installer file (for Windows Puppet Agent)
    Install Puppet on a Node Script
    Install script Script to install Puppet on a node - if left blank, expects Puppet to already be installed

    Can be templated: SovLabs Template Engine

    Install script arguments Script arguments, if any

    Can be templated: SovLabs Template Engine

    Install script interpreter

    Script interpreter, e.g. /bin/bash

    *For Windows, only powershell and bat are valid interpreters

    Max retry attempt to Run Puppet Maximum number of attempts to retry Run Puppet
    Ignore final Run Puppet errors? If true, any errors found on the final Puppet run will be ignored and install will be allowed to continue - useful in initial development of new Puppet content
    Run Puppet Script
    Run Puppet script Script to execute after creating the hiera node data

    Can be templated: SovLabs Template Engine

    Run Puppet script arguments Script arguments, if any

    Can be templated: SovLabs Template Engine

    Run Puppet script interpreter

    Script interpreter, e.g. /bin/bash

    *For Windows, only powershell and bat are valid interpreters

    Run Puppet Script Validation
    Run Puppet script success exit codes Success exit codes.

    *List multiple exit codes comma separated

    Run Puppet script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Run Puppet Script Validation prior to Certificate being Signed
    Pre-certificate success exit codes Success exit codes.

    *List multiple exit codes comma separated

    Pre-certificate success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Final Run Puppet Script Validation
    Final Puppet Run script success exit codes Success exit codes.

    *List multiple exit codes comma separated

    Final Puppet Run script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Post Script Script to execute after the final Puppet Run

    Can be templated: SovLabs Template Engine

    Post script arguments Script arguments, if any
    Post script interpreter

    Script interpreter, e.g. /bin/bash

    *For Windows, only powershell and bat are valid interpreters

    Post Script Validation
    Post script success exit codes Success exit codes.

    *List multiple exit codes comma separated

    Post script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Pre-Puppet Remove script Script to run prior to removing Puppet from node

    Can be templated: SovLabs Template Engine

    Pre-Puppet Remove script arguments Script arguments, if any
    Pre-Puppet Remove script interpreter

    Script interpreter, e.g. /bin/bash

    *For Windows, only powershell and bat are valid interpreters

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the two vRA property groups for Puppet Open Source with Foreman:

      1. Starts with SovLabs-ForemanMaster-
      2. Starts with SovLabs-ForemanAgent-

      Do not attach more than 1 pair of Puppet Open Source with Foreman vRA property groups to a vRA blueprint

  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the two vRA property groups for Puppet Open Source with Foreman:
      1. Starts with SovLabs-ForemanMaster-
      2. Starts with SovLabs-ForemanAgent-
  4. Repeat Step 3 for all desired blueprints

Advanced Module - Service Management

View features and compatibility

Quick Start Process

  1. Define ServiceNow Endpoint(s)
  2. Define ServiceNow CMDB Configuration(s)
  3. Apply to existing blueprint(s)
  4. Provision!

Prerequisites

  1. ServiceNow CMDB is properly configured
  2. ServiceNow CMDB service user account must have Web Service admin rights and rights to add/update/delete records
  3. If incorporating with VMware ITSM, perform the following:
    1. Once the VMware ITSM plug-in installed, set the u_vra_uid column to read/write from read only
    2. In ServiceNow, navigate to System Definition
    3. Under Column name, search for u_vra_uid
    4. Click the cmdb_ci table from the results
    5. Uncheck Read only and Check Read/Write
    6. Click Update
  4. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add ServiceNow Endpoint
    2. Add ServiceNow CMDB

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add ServiceNow Endpoint
    Add ServiceNow Endpoint
    ServiceNow Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Host URL URL to ServiceNow endpoint. Start with http or https
    Version Select the ServiceNow version
    Credential Configuration for ServiceNow Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing ServiceNow Endpoint credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username for ServiceNow host

    Password

    *Shown when 'Create credential' is checked

    User's password

  3. On the Catalog page, click on the Request button for Add ServiceNow CMDB Configuration
    Add ServiceNow CMDB Configuration
    ServiceNow CMDB Configuration
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    ServiceNow Endpoint Select the desired ServiceNow endpoint
    Use Import Set? Select whether or not to use Import Set
    Table name Select the table to add/remove records from
    Import Set Name

    *Shown when 'Use Import Set' is checked

    Import set name in ServiceNow
    Delete using Import Set?

    *Shown when 'Use Import Set' is checked

    If No, the record will be deleted from the database tables directly


    If Yes, verify the u_action field is configured on the Import Set and defined in the Transform script

    Example transform script:
    if (source.u_action == 'delete') {
                                       var vms = new GlideRecord('cmdb_ci_vm_instance');
                                       vms.addQuery('correlation_id', source.u_sovlabs_id);
                                       vms.deleteMultiple();
                                      }
    JSON template Modify the JSON template accordingly

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for ServiceNow CMDB:

      Starts with SovLabs-SNowCMDB-

      Do not attach more than 1 ServiceNow CMDB property group to a vRA blueprint

  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for ServiceNow CMDB:

      Starts with SovLabs-SNowCMDB-

  4. Repeat Step 3 for all desired blueprints

Advanced Module - Configuration Management

View features and compatibility

Quick Start Process

  1. Define Satellite Configuration(s)
  2. Apply to existing blueprint(s)
  3. Provision!

Prerequisites

  1. Red Hat Satellite server is properly configured
  2. Red Hat Satellite server is configured to utilize activation key(s) for registering nodes
  3. Red Hat Satellite service user account must have rights to add/update/delete content hosts
  4. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Satellite Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add Satellite Configuration
    Add Satellite Configuration
    Satellite Configuration
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Satellite Hostname FQDN or IP address of Red Hat Satellite server
    Create credential?

    Uncheck the checkbox to choose from existing Satellite Endpoint credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username for Red Hat Satellite server

    Password

    *Shown when 'Create credential' is checked

    User's password

    Satellite Organization

    *Auto-generated list based on valid Satellite hostname and Satellite credential

    Select the desired organization to register VMs to

    Activation Key(s) names or template

    List any/all Red Hat Satellite activation keys by name

    *Can be templated: SovLabs Template Engine

    Satellite API 6 upgrade_all? Perform Satellite API 6 upgrade_all? Instructs Red Hat Satellite to update the installed RPM packages to the latest available revisions
    Provisioned Node Credential Configuration

    Credentials to the VMs that will be provisioned

    Create credential?

    Uncheck the checkbox to choose from existing Provisioned Node credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username for the provisioned VM

    Use SSH Key?

    *Shown when 'Create Credential' is checked

    Select whether or not the provisioned VM will utilize an SSH key

    Password

    *Shown when 'Create Credential' is checked and 'Use SSH Key' is unchecked

    User's password

    SSH Key

    *Shown when 'Create Credential' is checked and 'Use SSH Key' is checked

    SSH Key

    SSH Key Password

    *Shown when 'Create Credential' is checked and 'Use SSH Key' is checked

    SSH Key's password, if any

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for Red Hat Satellite:

      Starts with SovLabs-Satellite-

      Do not attach more than 1 Red Hat Satellite property group to a vRA blueprint

  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for Red Hat Satellite:

      Starts with SovLabs-Satellite-

  4. Repeat Step 3 for all desired blueprints

Advanced Module - Backup as a Service Management

View features and compatibility

Quick Start Process

  1. Define Rubrik Cluster Endpoint(s)
  2. Configure Rubrik Backup Profile
  3. Define Notification Configuration for Rubrik
  4. Apply Backup Profile to existing blueprint(s)
  5. Provision and recover VMs!

Prerequisites

  1. Rubrik Cluster is properly configured
  2. Service account with Administrative privileges on the Rubrik Cluster(s)
  3. Email notification:
    1. User account with permissions to the email servers desired
    2. If utilizing an email server, gather the following details:
      • IP Address/hostname of the email server
      • Is the service SMTP or IMAP?
      • Credential details (username/password)
      • Whether SSL/TLS or STARTTLS is required to send emails through your email server
      • Port # of SMTP or IMAP service on that host

        Common ports: (please verify with administrator or provider)

        • SMTP: 25, 465 (SSL), 587 (STARTTLS)
        • IMAP: 143 or 993 (SSL)
  4. Existing SLA Domain(s) on the Rubrik Cluster(s)
  5. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Rubrik Cluster Endpoint
    2. Add Rubrik Backup Profile
    3. Add Notification Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add Rubrik Cluster Endpoint
    Add Rubrik Cluster Endpoint
    Rubrik Cluster Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Select the Rubrik Cluster version
    Hostname Rubrik Cluster hostname (FQDN or IP address)
    HTTPS? Rubrik Cluster is always HTTPS
    Port Rubrik Cluster port number
    Credential Configuration for Rubrik Cluster Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing Rubrik Endpoint credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (no domain)

    Password

    *Shown when 'Create credential' is checked

    User's password

  3. On the Catalog page, click on the Request button for Add Rubrik Backup Profile
    Rubrik Backup Profile
    Rubrik Backup Profile
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Rubrik Cluster Endpoint Select the desired Rubrik Cluster Endpoint
    Protection type

    Select the desired Protection type

    SLA Domain

    *Shown when Protection type is 'Specify SLA Domain'

    *Auto-generated list based on Rubrik Cluster Endpoint selected

    Select the desired SLA Domain

  4. On the Catalog page, click on the Request button for Add Notification Configuration
    Add Notification Configuration
    Notification Configuration

    A notification configuration holds all the necessary information to send notifications

    FieldValue
    Type Select Backup as a Service - Rubrik
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    *Please keep as auto-generated label

    State

    *Please keep both SUCCESS and ERROR checked

    Message type

    *Please keep as Email

    Format Select the desired format
    From address Type the email address that will be sending the notification

    Can be templated: SovLabs Template Engine

    Title

    *Auto-generated Notification title

    Can be templated: SovLabs Template Engine

    Body Body message - defaulted to standard templates. Please update accordingly

    Can be templated: SovLabs Template Engine

    Message Server configuration
    New Message Server?

    Check the checkbox to create a new message server

    Uncheck to choose an existing message server

    Message Server

    *Shown when 'New Message Server' is unchecked

    Select the desired message server from a list of existing message servers
    Message server configuration label

    *Shown when 'New Message Server' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Message Server Address

    *Shown when 'New Message Server' is checked

    Message Server address (SMTP or IMAP host)

    Enable SSL?

    *Shown when 'New Message Server' checked

    Choose whether or not SSL is enabled on the message server
    Message Server port

    *Shown when 'New Message Server' is checked

    Message Server port

    Common ports: (please verify with administrator or provider)

    • SMTP: 25, 465 (SSL), 587 (STARTTLS)
    • IMAP: 143 or 993 (SSL)
    Message Server protocol

    *Shown when 'New Message Server' is checked

    Select the appropriate protocol
    Enable credential?

    *Shown when 'New Message Server' is checked

    Select whether credentials are enabled on the message server
    Create credential?

    Uncheck the checkbox to choose from existing Message Server credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Enable credential' is checked and 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials for the Message Server

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    Username's password

    Enable STARTTLS?

    *Shown when 'New Message Server' is checked and 'Message Type' is Email

    Select whether or not to enable STARTTLS

    Network timeout Defaulted to 6000
    Email Group configuration
    New Email Group?

    Check the checkbox to create a new email group

    Email Group configuration label

    *Please keep as auto-generated label

    To addresses

    *Please keep auto-generated value

    Enter all additional email addresses to send the notifications to

    Can be templated: SovLabs Template Engine

    CC addresses

    Enter all the email addresses to CC the notifications to

    Can be templated: SovLabs Template Engine

    BCC addresses

    Enter all the email addresses to BCC the notifications to

    Can be templated: SovLabs Template Engine

    Only add 1 Notification Configuration for Rubrik

    No further action is necessary to set up SovLabs Notifications for Rubrik Backup as a Service module. The Notification Configuration for Rubrik may be updated any time

  5. Do not add a Notification Group. A notification group for Rubrik Notification Configuration gets auto-generated. The Rubrik Notification Group is not visible in vRA and gets deleted when the Notification Configuration for Rubrik is deleted

Usage

Apply to vRA blueprint(s)

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for Rubrik Backup as a Service:

      Starts with SovLabs-Rubrik-

      Do not attach more than 1 Rubrik Backup as a Service property group to a vRA blueprint

  4. Repeat Step 3 for all desired blueprints
  5. Provision

End-user Usage

Provide a guide on how to perform Day 2 operations to end-users

Download User Guide

Enable End-user to Select a Protection Type and SLA Domain at Request Time

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for Rubrik Backup as a Service: SovLabs-RubrikChooseSLADomain

  4. Repeat Step 3 for all desired blueprints
  5. Provision

Enable End-user to Recover Files and Folders

Allow the end-user to see the Recover Files and Folders (Rubrik) action on a VM:
  1. Add the action to the entitlement
    • Search text to type in the Name field is: Rubrik
    • Action to add is: Recover Files and Folders (Rubrik)

Enable End-user to Change SLA Domain

Allow the end-user to see the Change SLA Domain (Rubrik) action on a VM:
  1. Add the action to the entitlement
    • Search text to type in the Name field is: Rubrik
    • Action to add is: Change SLA Domain (Rubrik)

Enable End-user to Instant Backup

Allow the end-user to see the Instant Backup (Rubrik) action on a VM:
  1. Add the action to the entitlement
    • Search text to type in the Name field is: Rubrik
    • Action to add is: Instant Backup (Rubrik)

Disable

Remove from vRA blueprint(s)

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Click the desired blueprint name to edit
  4. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for Rubrik Backup up as a Service:

      Starts with SovLabs-Rubrik-

  5. Repeat Step 3 for all desired blueprints

End-userSelect a Protection Type and SLA Domain at Request Time

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Click the desired blueprint name to edit
  4. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for Rubrik Backup up as a Service: SovLabs-RubrikChooseSLADomain

  5. Repeat Step 3 for all desired blueprints

End-userFile and Folder Recovery

Once the process to restore a VM's files and folders has started, it cannot be stopped

Prevent the end-user from seeing the Recover Files and Folders (Rubrik) action on a VM:
  1. Remove the action from the entitlement
    • Action to remove is: Recover Files and Folders (Rubrik)

End-userChange SLA Domain

Once the process to change a VM's Rubrik SLA Domain has started, it cannot be stopped

Prevent the end-user from seeing the Change SLA Domain (Rubrik) action on a VM:
  1. Remove the action from the entitlement
    • Action to remove is: Change SLA Domain (Rubrik)

End-userInstant Backup

Once the process to instantly backup a VM has started, it cannot be stopped

Prevent the end-user from seeing the Instant Backup (Rubrik) action on a VM:
  1. Remove the action from the entitlement
    • Action to remove is: Instant Backup (Rubrik)

Advanced Module - Backup as a Service Management

View features and compatibility

Quick Start Process

  1. Define Veeam Backup Enterprise Manager Endpoint(s)
  2. Configure Veeam Backup Profile
  3. Define Notification Configuration for Veeam
  4. Apply Backup Profile to existing blueprint(s)
  5. Provision and recover VMs!

Prerequisites

  1. Veeam Backup Enterprise Manager is properly configured
  2. Service account with Administrative privileges on the Veeam Backup Enterprise Manager(s)
  3. Email notification:
    1. User account with permissions to the email servers desired
    2. If utilizing an email server, gather the following details:
      • IP Address/hostname of the email server
      • Is the service SMTP or IMAP?
      • Credential details (username/password)
      • Whether SSL/TLS or STARTTLS is required to send emails through your email server
      • Port # of SMTP or IMAP service on that host

        Common ports: (please verify with administrator or provider)

        • SMTP: 25, 465 (SSL), 587 (STARTTLS)
        • IMAP: 143 or 993 (SSL)
  4. Existing Backup Job(s) on the Veeam BEM Endpoint(s)
  5. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Veeam BEM Endpoint
    2. Add Veeam Backup Profile
    3. Add Notification Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add Veeam BEM Endpoint
    Add Veeam BEM Endpoint
    Veeam BEM Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Select the Veeam BEM version
    Hostname Veeam BEM hostname (FQDN)
    HTTPS? Choose whether or not the Veeam BEM Endpoint is HTTPS
    Port Veeam BEM port number
    Credential Configuration for Veeam BEM Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing Veeam BEM Endpoint credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (no domain)

    Password

    *Shown when 'Create credential' is checked

    User's password

  3. On the Catalog page, click on the Request button for Add Veeam Backup Profile
    Veeam Backup Profile
    Veeam Backup Profile
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Veeam BEM Endpoint Select the desired Veeam Backup Enterprise Manager Endpoint
    Backup Jobs

    *Auto-generated list based on Veeam BEM Endpoint selected

    Select a Backup Job from the left column and click on the right arrow to move it to the right column.

    Repeat for all desired Backup Jobs

  4. On the Catalog page, click on the Request button for Add Notification Configuration
    Add Notification Configuration
    Notification Configuration

    A notification configuration holds all the necessary information to send notifications

    FieldValue
    Type Select Backup as a Service - Veeam
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    *Please keep as auto-generated label

    State

    *Please keep both SUCCESS and ERROR checked

    Message type

    *Please keep as Email

    Format Select the desired format
    From address Type the email address that will be sending the notification

    Can be templated: SovLabs Template Engine

    Title

    *Auto-generated Notification title

    Can be templated: SovLabs Template Engine

    Body Body message - defaulted to standard templates. Please update accordingly

    Can be templated: SovLabs Template Engine

    Message Server configuration
    New Message Server?

    Check the checkbox to create a new message server

    Uncheck to choose an existing message server

    Message Server

    *Shown when 'New Message Server' is unchecked

    Select the desired message server from a list of existing message servers
    Message server configuration label

    *Shown when 'New Message Server' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Message Server Address

    *Shown when 'New Message Server' is checked

    Message Server address (SMTP or IMAP host)

    Enable SSL?

    *Shown when 'New Message Server' checked

    Choose whether or not SSL is enabled on the message server
    Message Server port

    *Shown when 'New Message Server' is checked

    Message Server port

    Common ports: (please verify with administrator or provider)

    • SMTP: 25, 465 (SSL), 587 (STARTTLS)
    • IMAP: 143 or 993 (SSL)
    Message Server protocol

    *Shown when 'New Message Server' is checked

    Select the appropriate protocol
    Enable credential?

    *Shown when 'New Message Server' is checked

    Select whether credentials are enabled on the message server
    Create credential?

    Uncheck the checkbox to choose from existing Message Server credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Enable credential' is checked and 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials for the Message Server

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    Username's password

    Enable STARTTLS?

    *Shown when 'New Message Server' is checked and 'Message Type' is Email

    Select whether or not to enable STARTTLS

    Network timeout Defaulted to 6000
    Email Group configuration
    New Email Group?

    Check the checkbox to create a new email group

    Email Group configuration label

    *Please keep as auto-generated label

    To addresses

    *Please keep auto-generated value

    Enter all additional email addresses to send the notifications to

    Can be templated: SovLabs Template Engine

    CC addresses

    Enter all the email addresses to CC the notifications to

    Can be templated: SovLabs Template Engine

    BCC addresses

    Enter all the email addresses to BCC the notifications to

    Can be templated: SovLabs Template Engine

    Only add 1 Notification Configuration for Veeam

    No further action is necessary to set up SovLabs Notifications for Veeam Backup as a Service module. The Notification Configuration for Veeam may be updated any time

  5. Do not add a Notification Group. A notification group for Veeam Notification Configuration gets auto-generated. The Veeam Notification Group is not visible in vRA and gets deleted when the Notification Configuration for Veeam is deleted

Usage

Apply to vRA blueprint(s)

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for Veeam Backup as a Service:

      Starts with SovLabs-VeeamBackupProfile-

      Do not attach more than 1 Veeam Backup as a Service property group to a vRA blueprint

  4. Repeat Step 3 for all desired blueprints
  5. Provision

End-user Usage

Provide a guide on how to perform Day 2 operations to end-users

Download User Guide

Enable End-user to Select a Backup Job at Request Time

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for Veeam Backup as a Service:

      SovLabs-VeeamChooseBackupJob

  4. Repeat Step 3 for all desired blueprints
  5. Provision

When destroying VMs, if the VM is the last one in the Veeam Backup Job, it will not be removed from the Veeam Backup Job (since a Veeam Backup Job must have at least 1 VM). The VM will be removed from vCenter as expected

Enable End-user to Recover Files and Folders

Allow the end-user to see the Recover Files and Folders (Veeam) action on a VM:
  1. Add the action to the entitlement
    • Search text to type in the Name field is: Veeam
    • Action to add is: Recover Files and Folders (Veeam)

Enable End-user to Recover VM

Allow the end-user to see the Recover VM (Veeam) action on a VM:
  1. Add the action to the entitlement
    • Search text to type in the Name field is: Veeam
    • Action to add is: Recover VM (Veeam)

Disable

Remove from vRA blueprint(s)

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Click the desired blueprint name to edit
  4. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for Veeam Backup up as a Service:

      Starts with SovLabs-VeeamBackupProfile-

  5. Repeat Step 3 for all desired blueprints

End-userSelect a Backup Job at Request Time

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Click the desired blueprint name to edit
  4. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
  5. In the Property Groups section, remove the vRA property group for Veeam Backup up as a Service: SovLabs-VeeamChooseBackupJob

  • Repeat Step 3 for all desired blueprints
  • End-userFile and Folder Recovery

    Once the process to restore a VM's files and folders has started, it cannot be stopped

    Prevent the end-user from seeing the Recover Files and Folders (Veeam) action on a VM:
    1. Remove the action from the entitlement
      • Action to remove is: Recover Files and Folders (Veeam)

    End-userRecover VM

    Once the process to recover a VM has started, it cannot be stopped

    Prevent the end-user from seeing the Recover VM (Veeam) action on a VM:
    1. Remove the action from the entitlement
      • Action to remove is: Recover VM (Veeam)

    Container Management

    View features and compatibility

    Quick Start Process

    1. Define Nirmata Endpoint(s)
    2. Define Nirmata Agent(s)
    3. Apply to existing blueprint(s)
    4. Optionally, boot strap configurations for container host(s)
    5. Deploy apps or container hosts!

    Prerequisites

    1. Nirmata is properly configured
    2. Have an account with Nirmata
    3. Set up Host Groups and Environments in Nirmata
    4. Set up any applications to be deployed from Nirmata
    5. Login to the vRA tenant and validate the following vRA Catalog Items exist:
      1. Add Nirmata Endpoint
      2. Add Nirmata Agent
      3. Deploy Nirmata app environment
      4. Destroy Nirmata app environment
      5. Update Nirmata host group

    Setup

    1. Login to the vRA tenant
    2. On the Catalog page, click on the Request button for Add Nirmata Endpoint
      Add Nirmata Endpoint
      Nirmata Endpoint
      FieldValue
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Host URL URL to Nirmata host
      Create credential?

      Uncheck the checkbox to choose from existing Nirmata Endpoint credentials

      Check the checkbox to create a new credential

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Username

      *Shown when 'Create credential' is checked

      Username for Nirmata host

      Password

      *Shown when 'Create credential' is checked

      User's password

    3. On the Catalog page, click on the Request button for: Add Nirmata Agent
      Add Nirmata Agent
      Add Nirmata Agent
      FieldValue
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Nirmata Endpoint Select the desired Nirmata endpoint
      Host group

      *Auto-generated based on the Nirmata endpoint selected

      Select the desired host group

      Install script Modify the install script as necessary
      Create credential?

      Uncheck the checkbox to choose from existing Provisioned Node credentials

      Check the checkbox to create a new credential

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Username

      *Shown when 'Create credential' is checked

      Username for provisioned VM

      Password

      *Shown when 'Create credential' is checked

      User's password

    Usage

    1. Login to the vRA tenant
    2. Click on the Design tab > Blueprints
    3. Hover over the desired blueprint name and click Edit
      1. Click on the vSphere machine component on the Blueprint Design Canvas
      2. Click on the Properties tab
      3. In the Property Groups section, add the vRA property group for Multi-Cloud Docker Container Management with Nirmata:

        Starts with SovLabs-Nirmata-

        Do not attach more than 1 Multi-Cloud Docker Container Management with Nirmata property group to a vRA blueprint

    4. Repeat Step 3 for all desired blueprints

    Disable

    1. Login to the vRA tenant
    2. Click on the Design tab > Blueprints
    3. Hover over the desired blueprint name and click Edit
      1. Click on the vSphere machine component on the Blueprint Design Canvas
      2. Click on the Properties tab
      3. In the Property Groups section, remove the vRA property group for Multi-Cloud Docker Container Management with Nirmata:

        Starts with SovLabs-Nirmata-

    4. Repeat Step 3 for all desired blueprints

    SovLabs Extensibility Modules Appendix

    1. Login to the vRA tenant
    2. Click on SovLabs vRA Extensiblity Modules from the left-hand menu
    3. Click on the Items tab
    4. Select the desired category name via the left-hand menu
    5. Click on the desired vRA item

      Don't see the item? Find the Owned by: dropdown (next to the searchbar) and select All groups I Manage

    6. Click on Actions
      • Click on Update to update and submit after filling out form fields
      • Click on Delete to delete and submit

    SovLabs Credential allows better management of credentials across vRA configuration items. Once an Credential is configured, it will be encrypted

    Modules that use the Credential configuration will provide a dropdown list of relevant Credential configurations to choose from

    Prerequisites

    • If utilizing SSH keys, have the full SSH private key readily available along with the SSH Key passphrase, if a passphrase is required
    • If using a simple login username and password, have the credentials readily available

    Setup

    1. Login to the vRA tenant
    2. On the Catalog page, click on the Request button for Manage Credential Configuration
      SovLabs Credential
      Manage Credential Configuration
      FieldValue
      Action Choose whether to Create a credential or Update or Delete an existing credential
      Filter by type

      *Shown if 'Action' is Update or Delete

      Type to filter existing credentials by

      Credential

      *Shown if 'Action' is Update or Delete

      Select an existing credential to update or delete

      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Type

      Type of Credential use

      Subtype

      Subtype for granular filtering

      Connection method Select the connection method
      SSH Key used?

      *Shown when 'Connection method' is SSH based

      Check the checkbox to use an SSH key
      Username Username that has necessary permissions
      Password

      *Shown when 'SSH key used' is checked

      User's password
      SSH Key

      *Shown when 'SSH key used' is checked

      SSH Key
      SSH Key Password

      *Shown when 'SSH key used' is checked

      SSH Key password, if any

    Usage

    Use by selecting a SovLabs Credential configuration in any SovLabs Endpoints and/or Configurations



    Entitle Day 2 Operations for End-users/Groups defined in a vRA entitlement

    Configure Entitlements for End-user Operations

    1. Login to the vRA tenant
    2. Click on Administration > Catalog Management > Entitlements
    3. Click on a desired entitlement to edit
    4. Click on the Items & Approvals tab
    5. Click on the next to Entitled Actions
    6. Type in a desired search text in the Name field to search for all related SovLabs actions
    7. Select all or some of the following actions shown, depending on the level of permissions desired for the entitlement
    8. Click OK to entitle actions and make them available for end-users
    9. Click Finish to save the entitlement

      View screenshot

    10. Repeat for all desired Entitlements

    Remove Entitlements for End-user Operations

    1. Login to the vRA tenant
    2. Click on Administration > Catalog Management > Entitlements
    3. Click on a desired entitlement to edit
    4. Click on the Items & Approvals tab
    5. In the Entitled Actions column, find a desired Action to remove
    6. Click on the and then click Remove
    7. Click Finish to save

      View screenshot

    8. Repeat for all desired Entitlements