Setup

Using VMware Tools

Notice

The Service Account being used for the vCenter endpoint needs to be a member of the SystemConfiguration.Administrators group in vCenter (Administration > Single Sign-On > Users and Groups).

Perform this step only if using VMware Tools to connect to a jump server or target Microsoft AD Domain Controller.

VMware Cloud on AWS

To enable VMware Tools connectivity and support on VMware Cloud on AWS:

  1. Establish a VPN between the MGW (Management Network) and CGW (Customer Network)
  2. Open port 443 on the firewall

This allows the Guest Operations API to be used.

Add SovLabs vCenter Endpoint

  1. Log in to the vRA tenant
  2. Click on the Catalog tab
  3. Request the Add SovLabs vCenter Endpoint vRA Catalog Item
  4. Fill out the form accordingly (see below) and Submit

Field | Value
Configuration label

No spaces, periods or special characters except underscore (_) and dash (-)

Unique label

DO NOT prepend with your tenant name and an underscore, e.g. mytenant_

Version

Choose the appropriate vCenter version

Platform Service Controller (FQDN)

Shown when 'Version' is 6+

Type in the PSC FQDN

Is the PSC embedded on the vCenter server?

Shown when 'Version' is 6+

Select if the PSC is embedded on the vCenter server

vCenter hostname (FQDN)

Text input if 'Version' is less than 6. Auto-generated list in dropdown if 'Version' 6+

Type in or select the appropriate vCenter server FQDN

Credential Configuration for vCenter Endpoint
Create credential?

Check the checkbox to create a new credential.

Uncheck the checkbox to use an existing credential.

Credential

Shown when 'Create credential?' is not checked

Select the appropriate credential from an existing list of credentials

Credential Configuration label

Shown when 'Create credential?' is checked

No spaces, periods or special characters except underscore (_) and dash (-)

Unique label

DO NOT prepend with your tenant name and an underscore, e.g. mytenant_

Username

Shown when 'Create credential?' is checked

Username that has necessary permissions

Password

Shown when 'Create credential?' is checked

User's password


Add Microsoft Endpoint

  1. Log in to the vRA tenant
  2. Click on the Catalog tab
  3. Request the Add Microsoft Endpoint vRA Catalog Item
  4. Fill out the form accordingly (see below) and Submit

A Windows 2012 R2 jump server or domain controller that is utilized by the SovLabs plugin for a target AD, DNS, and/or IPAM server

Field | Value
Configuration label

No spaces, periods or special characters except underscore (_) and dash (-)

Unique label

DO NOT prepend with your tenant name and an underscore, e.g. mytenant_

Connection type

Connection method used to connect to the target or proxy Microsoft server. To use VMware Tools, see the Using VMware Tools section above.

vCenter Endpoint

Shown when 'Connection type' is vmware-tools

Select the existing SovLabs vCenter Endpoint in which the Microsoft server VM resides

VM name as it appears in vCenter

Shown when 'Connection type' is vmware-tools

Type in the VM name of the Microsoft AD server as it appears in vCenter

*VM name is case sensitive!

Is a jump server?

Jump servers are limited to SSH daemon connection methods or VMware Tools

Choose whether or not to use a jump server to run remote commands on the target AD server

Hostname

Shown when 'Connection type' is not vmware-tools and 'Is a jump server?' is not checked

Microsoft AD server (FQDN or IP Address)

Jump server

Shown when 'Connection type' is not vmware-tools and 'Is a jump server?' is checked

Jump server FQDN or IP Address for the target Microsoft AD server

Remote server

Shown when 'Is a jump server?' is checked

Type in the target Microsoft AD server

Uses non-standard port?

Shown when 'Is a jump server?' is checked

Was the WinRM or SSH daemon configured to listen on a non-standard port?

Port

Shown when 'Uses non-standard port?' is checked

Port number

Credential Configuration for Microsoft Endpoint
Create credential?

Check the checkbox to create a new credential.

Uncheck the checkbox to use an existing credential.

Credential

Shown when 'Create credential?' is not checked

Select the appropriate credential from an existing list of credentials

Credential Configuration label

Shown when 'Create credential?' is checked

No spaces, periods or special characters except underscore (_) and dash (-)

Unique label

DO NOT prepend with your tenant name and an underscore, e.g. mytenant_

SSH Key used?

Shown when 'Create credential?' is checked and 'Connection method' is SSH based

Check the checkbox to use an SSH Key

Username

Shown when 'Create credential?' is checked

Username that has necessary permissions


Password

Shown when 'Create credential?' is checked and 'SSH Key used?' is not checked

User's password

SSH Key

Shown when 'Create credential?' is checked and 'SSH Key used?' is checked

SSH Key

SSH Key Password

Shown when 'Create credential?' is checked and 'SSH Key used?' is checked

SSH Key password, if any

Advanced
Temporary directory where scripts will be placed

Optional

If not provided, will default to C:\Windows\temp.

*The Service Account must have permission to write files to and remove files from this directory.

Share path for temporary directory to access

Define if administrative shares are not available

Type in path\share instead of \\share-server\path\share


Add Active Directory Configuration

  1. Log in to the vRA tenant
  2. Click on the Catalog tab
  3. Request the Add Active Directory Configuration vRA Catalog Item
  4. Fill out the form accordingly (see below) and Submit

Field | Value
Configuration label

No spaces, periods or special characters except underscore (_) and dash (-)

Unique label

DO NOT prepend with your tenant name and an underscore, e.g. mytenant_

Microsoft Endpoint(s)

Select all the Microsoft Endpoints configured for Active Directory

Computer name case

Select whether the computer names added in AD should be uppercase or lowercase

Build OU
Use Build OU?

The Build OU does not create the parent OU(s); the parent OU(s) must already exist.

If checked, the VM (during vRA lifecycle machineBuilding) will be placed in an interim OU (Build OU).

Once the VM has finished building and provisioning, the VM will be moved/placed in the [final] OU.

*If you configure the profile to use the Build OU, the AD machineBuilding workflow will create the object in the specified OU (Build OU). The move to the final OU does not happen until AD MachineProvisioned.

Build OU

DN format

Active Directory Organizational Unit (OU) for VMs to join prior to completing provisioning

Create Build OU?

Check the checkbox to create the Build OU if it does not exist

Remove Build OU?

Check the checkbox to remove the Build OU when it is empty and no children exist

OU
OU

DN format

Active Directory Organizational Unit (OU) for VMs to join

Create OU?

Check the checkbox to create the OU if it does not exist

Remove OU?

Check the checkbox to remove the OU when it is empty and no children exist

Security Group(s)
AD Security Group(s)

DN format

List any/all Security Group(s) for the server to join

Advanced
Delete computer accounts based on computer name?

Check the checkbox to find the computer account and remove it from AD, regardless of which OU it is in
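
A pre-flight check for the values this form expects, as an added example (not SovLabs code): it validates a Configuration label and an OU given in DN format, and returns the parent DN that must already exist before a Build OU can be created. The function names are hypothetical, the sample DNs are constructed, and "special characters" is assumed to mean anything other than ASCII letters, digits, underscore and dash.

```python
import re

# Assumption: a label may contain only ASCII letters, digits, underscore and dash.
LABEL_RE = re.compile(r"[A-Za-z0-9_-]+")
# One DN component: an attribute type, '=', then a non-empty value.
RDN_RE = re.compile(r"\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.+?)\s*", re.S)


def check_label(label, tenant):
    """Return a list of problems with a 'Configuration label' value."""
    problems = []
    if not LABEL_RE.fullmatch(label):
        problems.append("only letters, digits, underscore and dash are allowed")
    if label.lower().startswith(tenant.lower() + "_"):
        problems.append("do not prepend the tenant name and an underscore")
    return problems


def split_dn(dn):
    """Split a DN into (type, value) pairs, honouring backslash-escaped commas."""
    parts, current, escaped = [], "", False
    for ch in dn:
        if escaped:
            current, escaped = current + ch, False
        elif ch == "\\":
            current, escaped = current + ch, True
        elif ch == ",":
            parts.append(current)
            current = ""
        else:
            current += ch
    parts.append(current)
    rdns = []
    for part in parts:
        match = RDN_RE.fullmatch(part)
        if not match:
            raise ValueError(f"not a DN component: {part!r}")
        rdns.append((match.group(1).upper(), match.group(2)))
    return rdns


def check_ou_dn(dn):
    """Validate an OU in DN format; return the parent DN that must already exist."""
    rdns = split_dn(dn)
    if rdns[0][0] != "OU":
        raise ValueError("first component must be OU=")
    if rdns[-1][0] != "DC":
        raise ValueError("DN must end in DC= components")
    return ",".join(f"{rtype}={value}" for rtype, value in rdns[1:])
```

A canonical name such as `corp.example/Servers/Build` is rejected by `check_ou_dn` because it contains no `type=value` components.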