SovLabs vRA Extensibility Modules

SovLabs Plugin 2017.4.x

Release Notes

Add License

Add module license

Once SovLabs vRA Extensibility module(s) have been purchased or requested as a trial, order details and a license key will be sent via email

One license key will enable functionality for all of the SovLabs vRA Extensibility modules requested

  1. Login to the desired vRA tenant
  2. Click on the Catalog tab
  3. Click on the catalog item: Add License - SovLabs Modules
  4. Fill out the form:
    Field Value
    License key Copy & paste the entire SovLabs license file provided (including the header)
  5. Click Submit

Once the SovLabs license has been added, additional vRA Catalog Item(s) will appear for all the modules licensed.


Platform Extensions

View features and compatibility

Quick Start Process

  1. Define Naming Standard(s)
  2. Define Naming Standard(s)
  3. Apply to existing blueprint(s)
  4. Provision!

Prerequisites

  1. Have naming standard(s) that accounts for different scenarios for your company
  2. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Naming Sequence
    2. Add Naming Standard

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add Naming Sequence
    Add Naming Sequence
    Naming Sequence

    One or more Naming Sequences can be used in a Naming Standard

    FieldValue
    Sequence label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Sequence type Choose a sequence type:
    • Decimal (Base 10): 0-9 for each digit
    • HexaDecimal (Base 16): 0-F for each digit
    • Octal (Base 8): 0-7 for each digit
    • Pattern (Mixed bases and static text ): a flexible pattern that allows for unique naming sequences
    Reuse sequence values? Select Yes to reuse a sequence number if it is available
    Max sequence length

    *Shown when Decimal, HexaDecimal or Octal is selected as the sequence type

    What is the maximum number of the sequence length? If a ### sequence is desired, type in 3 for a three digit sequence length

    Initial value

    What is the initial number the sequence starts off with (0 or 1)?

    *Do NOT pad this initial value number

    Sequence padding

    *Shown when Decimal, HexaDecimal or Octal is selected as the sequence type

    Numerical value to pad the sequence to the left in the event that the sequence does not meet the required max sequence length. Defaults to 0

    Pattern type format

    *Shown when Pattern is selected as the sequence type

    Unique key Optional
  3. On the Catalog page, click on the Request button for Add Naming Standard
    Add Naming Standard
    Naming Standard

    A naming standard is a template that generates a specific hostname

    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Used for multi-machine containers? Check the checkbox if the naming standard will be used for multi-machine containers
    Select sequence(s) Select the sequences that will be a part of the naming standard
    Template

    Define the naming standard template that will generate the hostname

    The template must include the sequence(s):
    {{ sequence.SEQUENCENAME }}

    Can be templated: SovLabs Template Engine

Example

Configure Pattern Type

Pattern naming sequences are designed to be flexible and multiple base sequences that can match most sequence types used in the industry.

Pattern naming sequences can contain the following types of bases:

Type Pattern Key Default Value Range
Decimal # 0 0-9
HexaDecimal x 0 0-F
Octal o 0 0-7
Binary b 0 0-1
Alpha a a a-z

*All Pattern Keys are to be defined inside / /

Example: /a#b/ is a sequence of alpha, decimal, and binary numbers/letters.


A unique feature of the pattern naming standard is that the sequence can contain static or template text in the sequence, yet the sequence increments as you would expect, ignoring the text.

For example a pattern of /a/StaticText/b/ will result in a the following sequence values:

aStaticText0, aStaticText1, bStaticText0, bStaticText1, cStaticText0. . .

As you can see that part of the sequence that the counter (inside the / /) increments.

Meanwhile, the text outside of the / / remains static text, yet as the right most digit rolled over the next significant digit increased as one would expect. This can be used with or without static text.

If a template is used, the counter is incremented first and then the template is rendered. This means if you have a property called "App" and you use it in a pattern such as /#/{{App}}/#/

  • Run #1 - App = “Test” => sequence value is 0Test1
  • Run #2 - App = “Foo” => sequence value is 0Foo2

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for Custom Naming:
      • Starts with SovLabs-NamingStandard- for single machine scenarios
      • Starts with SovLabs-NamingStandardMultiMachineContainer for multi-machine container scenarios

        Do not attach more than 1 Naming Standard property group to a vRA blueprint

  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for Custom Naming:
      • Starts with SovLabs-NamingStandard- for single machine scenarios
      • Starts with SovLabs-NamingStandardMultiMachineContainer for multi-machine container scenarios
  4. Repeat Step 3 for all desired blueprints

Platform Extensions

View features and compatibility

Quick Start Process

  1. Define Microsoft Endpoint(s)
  2. Define AD Configuration(s)
  3. Apply to existing blueprint(s)
  4. Provision!

Prerequisites

  1. Define your domain controller server(s) and whether or not proxy servers will be used
  2. Install AD Webservices on all the domain controllers that will be used

    Please note that for newer AD hosts like 2012 and above have AD WebServices pre-installed

  3. Ensure NTP is set up correctly
  4. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Microsoft Endpoint
    2. Add ActiveDirectory Configuration
    3. Add SovLabs vCenter Endpoint

Setup

  1. Login to the vRA tenant
  2. Perform this step only if using VMware Tools to connect to a jump server or target Microsoft AD server
    • On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
      Add vCenter Endpoint
      SovLabs vCenter Endpoint
      FieldValue
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Version Choose the appropriate vCenter version
      Platform Service Controller (FQDN)

      *Shown when 'Version' is 6+

      Type in the PSC FQDN
      Is the PSC embedded on the vCenter server?

      *Shown when 'Version' is 6+

      vCenter hostname (FQDN)

      *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x

      Type in the vCenter server FQDN
      Credential Configuration for vCenter Endpoint
      Create credential?

      Uncheck the checkbox to choose from existing vCenter Endpoint credentials

      Check the checkbox to create a new credential

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Username

      *Shown when 'Create credential' is checked

      Username (user@example.com)

      Password

      *Shown when 'Create credential' is checked

      User's password

  3. On the Catalog page, click on the Request button for Add Microsoft Endpoint
    Add Microsoft Endpoint
    Microsoft Endpoint

    A Windows 2012 R2 jump server or domain controller that is utilized by the SovLabs plugin for a target AD, DNS, and/or IPAM server

    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Connection method Connection method to connect to the target or proxy Microsoft server
    vCenter Endpoint

    *Shown if 'Connection method' is vmware-tools

    Select a previously added SovLabs vCenter Endpoint in Step 2

    VM Name as it appears in vCenter

    *Shown if 'Connection method' is vmware-tools

    Type in the VM name of the Microsoft AD server

    Is a jump server?

    Jump servers are limited to SSH daemon connection methods only or VMware Tools

    Choose whether or not to utilize a jump server to make remote commands to the target AD server

    Jump server

    *Shown if 'Is a jump server' is checked

    Type in the jump server FQDN or IP Address for the target AD server

    Remote server

    *Shown if 'Is a jump server' is checked

    Type in the target AD server

    Uses non-standard port? Select the checkbox if WinRM or SSH daemon was configured to listen on a non-standard port
    Port

    *Shown when 'Uses non-standard port' is checked

    Port number
    Credential Configuration for Microsoft Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing Microsoft Endpoint credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (user@example.com)

    Password

    *Shown when 'Create credential' is checked

    User's password

    Advanced Configuration
    Temporary directory where scripts will be placed If not provided, will default to C:\Windows\temp
    Share path for temporary directory to access

    Define if administrative shares are not available

    Type in path\share instead of \\share-server\path\share

  4. On the Catalog page, click on the Request button for Add ActiveDirectory Configuration
    Add ActiveDirectory Configuration
    Active Directory Configuration
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Microsoft Endpoint(s) Select all the Microsoft Endpoints configured for Active Directory
    Computer name case Choose whether or not the computer name added in AD is all uppercase or lowercase
    Build OU
    Use Build OU?

    If checked, a VM during it's machineBuilding vRA lifecycle will be placed in an interim OU (Build OU)

    Once the VM has finished building and provisioning, the VM will be moved/placed in the [final] OU

    *The Build OU does not create the parent OU(s), the parent OU(s) must already exist.

    Build OU

    ActiveDirectory Organizational Unit (OU) for VMs to join prior to completing provisioning

    *Must be in DN format

    Create Build OU? Check to create the Build OU if it does not exist
    Remove OU? Check to remove Build OU if it does not have any children and is empty
    OU
    OU

    ActiveDirectory Organizational Unit (OU) for VMs to join

    *Must be in DN format

    Create OU? Check to create OU if it does not exist
    Remove OU? Check to remove OU if it does not have any children and is empty
    Security Group(s)
    AD Security Group(s)

    List any/all Security Group(s) for server to join

    *Must be in DN format

    Advanced
    Delete computer accounts based on computer name? If checked, will attempt to find computer account and remove it, regardless of what OU it is in

Example

SovLabs Template Engine for OUs

Assumptions:
  • The following properties (teamID, ORGID, LOCATION) are defined on the vRA Blueprint or inherited from the vRA Business Group or Compute Resources and etc.
  • teamID: Development
  • ORGID: e712
  • LOCATION: Atlanta
Example OU
  • Input

    
                          OU={{teamID | downcase }},OU={{ORGID | upcase}},OU={{LOCATION | substring: 0,2 | downcase}},DC=sovlabs, DC=net
                        
  • Output

    OU=development,OU=E712,OU=atl,DC=sovlabs,DC=net

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for Microsoft AD:

      Starts with SovLabs-AD-

      Do not attach more than 1 Microsoft AD property group to a vRA blueprint

  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for Microsoft AD:

      Starts with SovLabs-AD-

  4. Repeat Step 3 for all desired blueprints

Platform Extensions

View features and compatibility

Quick Start Process

  1. Define Notification Configuration(s)
  2. Define Notification Group(s)
  3. Apply to existing blueprint(s)
  4. Provision!

Prerequisites

  1. User account with permissions to the webservices and/or email servers desired
  2. If utilizing an email server, gather the following details:
    • IP Address/hostname of the email server
    • Is the service SMTP or IMAP?
    • Credential details (username/password)
    • Whether SSL/TLS or STARTTLS is required to send emails through your email server
    • Port # of SMTP or IMAP service on that host

      Common ports: (please verify with administrator or provider)

      • SMTP: 25, 465 (SSL), 587 (STARTTLS)
      • IMAP: 143 or 993 (SSL)
  3. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Notification Configuration
    2. Add Notification Group Configuration
    3. Manage Notification Message Server Configuration
    4. Manage Notification Email Group Configuration
    5. Manage Credential Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add Notification Configuration
    Add Notification Configuration
    Notification Configuration

    A notification configuration holds all the necessary information to send notifications

    FieldValue
    Type Select the notification type:
    • VMLIFECYCLE: Send notifications during a VM lifecycle (provision/dispose)
    • SNAPSHOT: Send notifications for SovLabs vSphere Snapshot Management module
    • SovLabs IPAM: Optionally, send warning notifications for when IP addresses that are marked free on the IPAM are found to be in use on the network. For SovLabs IPAM modules.

      *Only one SovLabs IPAM notification can be added.

    • Backup as a Service - Cohesity: Optionally, send notifications for Day 2 activities for SovLabs Backup as a Service for Cohesity module.

      *Only one Backup as a Service - Cohesity notification can be added.

    • Backup as a Service - Rubrik: Optionally, send notifications for Day 2 activities for SovLabs Backup as a Service for Rubrik module.

      *Only one Backup as a Service - Rubrik notification can be added.

    • Backup as a Service - Veeam: Optionally, send notifications for Day 2 activities for SovLabs Backup as a Service for Veeam module.

      *Only one Backup as a Service - Veeam notification can be added.

    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    State

    VMLIFECYCLE:

    • VM PROVISIONED - SUCCESS: Will send at the end of a successful VM provision
    • VM PROVISIONED - ERROR: Will send when a VM disposed after it faced error(s) during provisioning
    • VM DISPOSED - SUCCESS: Will send at the end of a successful VM disposal

    SNAPSHOT:

    • NEW: When a new snapshot is found
    • WARNING: When a snapshot is going to be deleted
    • DELETE: When a snapshot has been deleted

    SovLabs IPAM: SUCCESS and ERROR are checked by default and is a read-only field

    Backup as a Service modules: SUCCESS and ERROR are checked by default and is a read-only field

    Message type Select the notification message type
    Format Select the desired format
    From address The address that will be sending the notification

    Can be templated: SovLabs Template Engine

    Title Notification title

    Can be templated: SovLabs Template Engine

    Body Body message - defaulted to standard templates. Please update accordingly

    *For a WebService, the only payload accepted is a JSON payload


    VMLIFECYCLE

    • The template {{ SovLabs_NotificationLog }} will insert specific logs as the VM goes through its lifecycles.
    • The template {{ SovLabs_NotificationErrorLog }} will insert any error logs faced as the VM goes through its lifecycles

    Can be templated: SovLabs Template Engine

    Message Server configuration
    New Message Server?

    Check the checkbox to create a new message server

    Uncheck to choose an existing message server

    Message Server

    *Shown when 'New Message Server' is unchecked

    Select the desired message server from a list of existing message servers
    Message server configuration label

    *Shown when 'New Message Server' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Message Server Address

    *Shown when 'New Message Server' is checked

    Message Server address

    NOTE: for a WebService, the request body is used as type JSON to deliver data to the web service it is connecting to.

    The address will not be modified by SovLabs' module to provide data via the URL. If the request is directed at a specific method for the call please include that as part of the address parameter.

    *If the WebService address is: webserver.domain.com and the URL directive for method is: /logmessage, the resulting Message server address should be: webserver.domain.com/logmessage

    Enable SSL?

    *Shown when 'New Message Server' checked

    Choose whether or not SSL is enabled on the message server
    Message Server port

    *Shown when 'New Message Server' is checked

    Message Server port

    Common ports: (please verify with administrator or provider)

    • SMTP: 25, 465 (SSL), 587 (STARTTLS)
    • IMAP: 143 or 993 (SSL)
    Message Server HTTP verb

    *Shown when New Message Server is checked and the Message type is WebService

    Select the HTTP Verb

    Any HTTP verb used must be assumed to use the JSON body content to properly direct the server's behavior. The Notifications module does not modify URL with parameters.

    Message Server protocol

    *Shown when 'New Message Server' is checked

    Select the appropriate protocol
    Enable credential?

    *Shown when 'New Message Server' is checked

    Select whether credentials are enabled on the message server
    Create credential?

    Uncheck the checkbox to choose from existing Message Server credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Enable credential' is checked and 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials for the Message Server

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    Username's password

    Enable STARTTLS?

    *Shown when 'New Message Server' is checked and 'Message Type' is Email

    Select whether or not to enable STARTTLS

    Network timeout Defaulted to 6000
    Email Group configuration

    *Shown when the 'Message Server Type' is Email

    New Email Group?

    Check the checkbox to create a new email group

    Uncheck to choose an existing email group

    Email Group

    *Shown when 'New Email Group' is unchecked

    Select the desired email group from a list of existing email groups
    Email Group configuration label

    *Shown when 'New Email Group' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    To addresses

    *Shown when New Email Group is checked

    Enter all the email addresses to send the notifications to

    Can be templated: SovLabs Template Engine

    CC addresses

    *Shown when New Email Group is checked

    Enter all the email addresses to CC the notifications to

    Can be templated: SovLabs Template Engine

    BCC addresses

    *Shown when New Email Group is checked

    Enter all the email addresses to BCC the notifications to

    Can be templated: SovLabs Template Engine

  3. On the Catalog page, click on the Request button for: Add Notification Group Configuration
    Add Notification Group Configuration
    Notification Group Configuration

    A Notification Group configuration holds multiple notification configurations

    A Notification Group does not need to be added for Notification types: SovLabs IPAM or Backup as a Service because they will be auto-generated when adding a Notification Configuration.
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    Type Select the type of notifications configurations to group
    Notifications Select all notification configurations filtered by type for this notification group
  4. To update/edit a Message Server for Notifications:
    1. Request Manage Notification Message Server
    2. Select an action: Create/Update/Delete
    3. Fill in the form fields accordingly
  5. To update/edit an Email Group for Notifications:
    1. Request Manage Notification Email Group
    2. Select an action: Create/Update/Delete
    3. Fill in the form fields accordingly

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for Notifications:

      Starts with SovLabs-NotificationGroup-

      Do not attach more than 1 Notifications property group to a vRA blueprint

  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for Notifications:

      Starts with SovLabs-NotificationGroup-

  4. Repeat Step 3 for all desired blueprints

Quick Start Process

  1. Define Endpoint(s)
  2. Define DNS Configuration(s)
  3. Provision!

Core module - DNS

View features and compatibility

Prerequisites

  1. BlueCat user on (all) BlueCats(s) with API permissions:
    1. Through the BlueCat web portal, go to Administration > Users and Groups
    2. On the top-left of the Users pane, select New > User
    3. In the User creation wizard:
      • Type of user: Administrator
      • Access type: API
  2. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add BlueCat Endpoint
    2. Add DNS Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add BlueCat Endpoint
    Add BlueCat Endpoint
    BlueCat Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Hostname BlueCat FQDN
    HTTPS? Choose whether or not BlueCat is on HTTPS
    Port BlueCat port number
    Configuration name BlueCat configuration name
    DNS view name

    BlueCat DNS view name

    Custom User Field Configurations
    Host record user defined field(s)

    Add in any custom user fields (e.g. comments) used for BlueCat DNS

    Can be templated: SovLabs Template Engine

    IP record user defined fields

    *Skip if not using the SovLabs BlueCat IPAM module

    Add in any custom user fields (e.g. comments) used for BlueCat IPAM

    Can be templated: SovLabs Template Engine

    Credential Configuration for BlueCat Endpoint
    Create credential?

    Check the checkbox to create a new credential configuration

    Leave unchecked to choose from existing credentials

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    User's password

  3. Create the DNS Configuration

Core module - DNS

View features and compatibility

Prerequisites

  1. User with Administrator type Master and Role superuser
  2. Configure Negative Cache TTL on each DNS domain zone otherwise machine provisioning will fail:
    1. Through the BlueCat web portal, go to Management > DNS > Domains
    2. Select the domain to edit
    3. Set the Negative Cache TTL field to 60
  3. BT Diamond's default SSL certificate has a weak hash algorithm that the vRO appliance rejects. Please contact SovLabs for further assistance if the native BT Diamond SSL certificate is being used.
  4. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add BT Diamond Endpoint
    2. Add DNS Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add BT Diamond Endpoint
    Add BT Diamond Endpoint
    BT Diamond Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version BT Diamond version
    IPControl Hostname BT Diamond IPControl FQDN
    Port BT Diamond port number
    Credential Configuration for BT Diamond IPControl Endpoint
    Create credential?

    Check the checkbox to create a new credential configuration

    Leave unchecked to choose from existing credentials

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    User's password

  3. Create the DNS Configuration

Core module - DNS

View features and compatibility

Prerequisites

  1. Infoblox user on (all) Infoblox appliance(s) with the following permissions:
    • API and GUI access configured
    • Add/remove DNS Records
  2. Infoblox WAPI version must be 1.2+

    *Access https://{infoblox-fqdn}/wapidoc/ and look in the upper-left corner

  3. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Infoblox Endpoint
    2. Add DNS Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add Infoblox Endpoint
    Add Infoblox Endpoint
    Infoblox Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Hostname Infoblox appliance's FQDN or IP address
    HTTPS Select whether or not the Infoblox appliance is HTTPS
    Port

    * Normally 443 for HTTPS and 80 for HTTP

    Infoblox appliance port
    WAPI Version

    Select 1.2 if WAPI version is less than 2.0

    Select 2.0 if WAPI version is 2.0 or greater

    DNS view

    *Optional

    What is the DNS view this endpoint supports?

    Network view

    *Optional

    What is the Network view this endpoint supports?

    Credential Configuration for Infoblox Endpoint
    Create credential?

    Check the checkbox to create a new credential configuration

    Leave unchecked to choose from existing credentials

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    User's password

    Click Next

    Advanced Options

    Host record template

    *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record

    Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered

    Leave blank to default

    A record template

    *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record

    Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered

    Leave blank to default

    PTR record template

    *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record

    Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered

    Leave blank to default

    Fixed address template

    *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record

    Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered

    Leave blank to default

  3. Create the DNS Configuration

Core module - DNS

View features and compatibility

Prerequisites

  1. Install Men & Mice Web Services to use REST API
  2. Men & Mice user on (all) Men & Mice with API permissions:
    • API access configured
  3. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Men and Mice Endpoint
    2. Add DNS Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add Men and Mice Endpoint
    Add Men and Mice Endpoint
    Men and Mice Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Men & Mice version
    Hostname Men and Mice FQDN
    HTTPS Select whether or not Men & Mice is HTTPS
    Port Men and Mice port number
    Credential Configuration for Men and Mice Endpoint
    Create credential?

    Check the checkbox to create a new credential configuration

    Leave unchecked to choose from existing credentials

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique credential name

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    User's password

    IPAM Configuration
    Device custom properties

    *Skip if not using the SovLabs Men & Mice IPAM module

    Add in any custom device properties (e.g. comments) used for Men & Mice IPAM

    Can be templated: SovLabs Template Engine

  3. Create the DNS Configuration

Core module - DNS

View features and compatibility

Prerequisites

  1. Define your domain controller server(s) and whether or not proxy servers will be used
  2. Install AD Webservices on all the domain controllers that will be used
  3. Ensure NTP is set up correctly
  4. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Microsoft Endpoint
    2. Add IPAM Profile
    3. Add SovLabs vCenter Endpoint

Setup

  1. Login to the vRA tenant
  2. Perform this step only if using VMware Tools to connect to a jump server or target Microsoft DNS server
    • On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
      Add vCenter Endpoint
      SovLabs vCenter Endpoint
      FieldValue
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Version Choose the appropriate vCenter version
      Platform Service Controller (FQDN)

      *Shown when 'Version' is 6+

      Type in the PSC FQDN
      Is the PSC embedded on the vCenter server?

      *Shown when 'Version' is 6+

      vCenter hostname (FQDN)

      *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x

      Type in the vCenter server FQDN
      Credential Configuration for vCenter Endpoint
      Create credential?

      Uncheck the checkbox to choose from existing vCenter Endpoint credentials

      Check the checkbox to create a new credential

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Username

      *Shown when 'Create credential' is checked

      Username (user@example.com)

      Password

      *Shown when 'Create credential' is checked

      User's password

  3. On the Catalog page, click on the Request button for Add Microsoft Endpoint
    Add Microsoft Endpoint
    Microsoft Endpoint

    A Windows 2012 R2 jump server or domain controller that is utilized by the SovLabs plugin for a target AD, DNS, and/or IPAM server

    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Connection method Connection method to connect to the target or proxy Microsoft server
    vCenter Endpoint

    *Shown if 'Connection method' is vmware-tools

    Select a previously added SovLabs vCenter Endpoint in Step 2

    VM Name as it appears in vCenter

    *Shown if 'Connection method' is vmware-tools

    Type in the VM name of the Microsoft AD server

    Is a jump server?

    Jump servers are limited to SSH daemon connection methods only or VMware Tools

    Choose whether or not to utilize a jump server to make remote commands to the target AD server

    Jump server

    *Shown if 'Is a jump server' is checked

    Type in the jump server FQDN or IP Address for the target AD server

    Remote server

    *Shown if 'Is a jump server' is checked

    Type in the target AD server

    Uses non-standard port? Select the checkbox if WinRM or SSH daemon was configured to listen on a non-standard port
    Port

    *Shown when 'Uses non-standard port' is checked

    Port number
    Credential Configuration for Microsoft Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing Microsoft Endpoint credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (user@example.com)

    Password

    *Shown when 'Create credential' is checked

    User's password

    Advanced Configuration
    Temporary directory where scripts will be placed If not provided, will default to C:\Windows\temp
    Share path for temporary directory to access

    Define if administrative shares are not available

    Type in path\share instead of \\share-server\path\share

  4. Create the DNS Configuration

Core module - DNS

View features and compatibility

Prerequisites

  1. Must have SolarWinds 4.5.1 in order to make REST API calls
    • SolarWinds user with API permissions: API access configured
  2. SolarWinds 4.3.x and 4.4.x will utilize the SolarWinds database
    • Database credentials for the SolarWinds database with permissions to execute SET/GET queries
  3. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add SolarWinds Endpoint
    2. Add IPAM Profile

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add SolarWinds Endpoint
    Add SolarWinds Endpoint
    SolarWinds IP Address Manager Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version

    SolarWinds version

    IP Address Manager Hostname

    *Shown when version is 4.5.1+

    SolarWinds IP Address Manager FQDN
    HTTPS

    *Shown when version is 4.5.1+

    Select whether or not the SolarWinds IP Address Manager is HTTPS
    Port

    *Shown when version is 4.5.1+

    SolarWinds IP Address Manager
    Database hostname

    *Shown when version is 4.3.x, 4.4.x

    SolarWinds database FQDN
    Database name

    *Shown when version is 4.3.x, 4.4.x

    The database name, defaults to SolarWindsOrion
    Database port

    *Shown when version is 4.3.x, 4.4.x

    SolarWinds Database port number
    Credential Configuration for SolarWinds IP Address Manager
    Create credential?

    Check the checkbox to create a new credential configuration

    Leave unchecked to choose from existing credentials

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique credential name

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    User's password

    DNS Configuration
    Primary DNS Server IP Address

    Type in the Primary DNS server IP Address

    *For Microsoft DNS, any authoritative DNS server.

    For BIND, the primary authoritative DNS server.

    IPAM Configuration
    IPAM comment field

    *Skip if not using the SovLabs SolarWinds IPAM module

    Type in an IP Address' comment when reserved

    Can be templated: SovLabs Template Engine

  3. Create the DNS Configuration

DNS Configuration

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add DNS Configuration
    Add DNS Configuration
    DNS Configuration
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Domains

    Add in all domains for this DNS configuration to support.

    *Must be a qualified domain (e.g. example.com is valid. example without the .com, .org, .net, etc would not be valid)

    Networks Add in all the networks (X.X.X.X/CIDR) for this DNS configuration to support
    DNS server type Select the desired DNS type
    DNS Hosts Select all desired DNS type endpoints
    Create A Records? Check the checkbox to create A Records
    Create PTR Records? Check the checkbox to create PTR Records
    Create Host Records?

    *Shown when DNS server type is 'Infoblox'

    Check the checkbox to create Host Records

    Use as default server?

    Check the checkbox to have this DNS configuration be the default if domain or network is not matched in any other DNS configuration(s)

    Only recommended for simple DNS configurations

Usage

  1. Login to the vRA tenant
  2. Click on the Infrastructure tab > Reservations > Reservations
  3. Hover over the reservation in association with the DNS configured domain and click Edit
    1. Click on the Network tab
    2. Check the appropriate network path and select the appropriate Network Profile from the dropdown
    3. Click OK

The next provisioned VM will automatically attempt to register with DNS only if the VM is in the configured domain and/or network defined for the DNS Configuration

Advanced

Register with additional DNS zones for the same NIC and hostname

  1. Verify a DNS configuration exists for the additional DNS zones
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Custom Properties section:
      1. Click on the New Property button
      2. Type in SovLabs_AdditionalDNSSuffixes for the Name field
      3. For the Value field:
        • Type in a list of additional DNS zones to register the host
        • Must be comma separated
        • Example: zone1.com,zone2.com
      4. Click on the button
    4. Click OK
  4. Repeat Step 2 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Custom Properties section:
      1. Click on the New Property button
      2. Type in SovLabs_DisableDNS for the Name field
      3. Type in true for the Value field
      4. Click on the button
    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Quick Start Process

  1. Define Endpoint(s)
  2. Define IPAM Profile(s)
  3. Apply to existing blueprint(s)
  4. Provision!

Core module - IPAM

View features and compatibility

Prerequisites

  1. BlueCat user on (all) BlueCats(s) with API permissions:
    1. Through the BlueCat web portal, go to Administration > Users and Groups
    2. On the top-left of the Users pane, select New > User
    3. In the User creation wizard:
      • Type of user: Administrator
      • Access type: API
  2. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add BlueCat Endpoint
    2. Add IPAM Profile

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add BlueCat Endpoint
    Add BlueCat Endpoint
    BlueCat Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Hostname BlueCat FQDN
    HTTPS? Choose whether or not BlueCat is on HTTPS
    Port BlueCat port number
    Configuration name BlueCat configuration name
    DNS view name

    *Skip if not using the SovLabs BlueCat DNS module

    BlueCat DNS view name

    Custom User Field Configurations
    Host record user defined field(s)

    *Skip if not using the SovLabs BlueCat DNS module

    Add in any custom user fields (e.g. comments) used for BlueCat DNS

    Can be templated: SovLabs Template Engine

    IP record user defined fields

    Add in any custom user fields (e.g. comments) used for BlueCat IPAM

    Can be templated: SovLabs Template Engine

    Credential Configuration for BlueCat Endpoint
    Create credential?

    Check the checkbox to create a new credential configuration

    Leave unchecked to choose from existing credentials

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    User's password

  3. Create the IPAM Profile

Core module - IPAM

View features and compatibility

Prerequisites

  1. User with Administrator type Master and Role superuser
  2. Configure Negative Cache TTL on each DNS domain zone otherwise machine provisioning will fail:
    1. Through the BlueCat web portal, go to Management > DNS > Domains
    2. Select the domain to edit
    3. Set the Negative Cache TTL field to 60
  3. BT Diamond's default SSL certificate has a weak hash algorithm that the vRO appliance rejects. Please contact SovLabs for further assistance if the native BT Diamond SSL certificate is being used.
  4. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add BT Diamond Endpoint
    2. Add IPAM Profile

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add BT Diamond Endpoint
    Add BT Diamond Endpoint
    BT Diamond Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version BT Diamond version
    IPControl Hostname BT Diamond IPControl FQDN
    Port BT Diamond port number
    Credential Configuration for BT Diamond IPControl Endpoint
    Create credential?

    Check the checkbox to create a new credential configuration

    Leave unchecked to choose from existing credentials

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    User's password

  3. Create the IPAM Profile

Core module - IPAM

View features and compatibility

Prerequisites

  1. Infoblox user on (all) Infoblox appliance(s) with the following permissions:
    • API and GUI access configured
    • Add/remove Host Records, A Records and/or PTR Records
  2. Infoblox WAPI version must be 1.2+

    *Access https://{infoblox-fqdn}/wapidoc/ and look in the upper-left corner

  3. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Infoblox Endpoint
    2. Add IPAM Profile

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add Infoblox Endpoint
    Add Infoblox Endpoint
    Infoblox Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Hostname Infoblox appliance's FQDN or IP address
    HTTPS Select whether or not the Infoblox appliance is HTTPS
    Port

    * Normally 443 for HTTPS and 80 for HTTP

    Infoblox appliance port
    WAPI Version

    Select 1.2 if WAPI version is less than 2.0

    Select 2.0 if WAPI version is 2.0 or greater

    DNS view

    *Optional

    What is the DNS view this endpoint supports?

    Network view

    *Optional

    What is the Network view this endpoint supports?

    Credential Configuration for Infoblox Endpoint
    Create credential?

    Check the checkbox to create a new credential configuration

    Leave unchecked to choose from existing credentials

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    User's password

    Click Next

    Advanced Options

    Host record template

    *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record

    Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered

    Leave blank to default

    A record template

    *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record

    Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered

    Leave blank to default

    PTR record template

    *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record

    Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered

    Leave blank to default

    Fixed address template

    *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record

    Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered

    Leave blank to default

  3. Create the IPAM Profile

Core module - IPAM

View features and compatibility

Prerequisites

  1. Install Men & Mice Web Services to use REST API
  2. Men & Mice user on (all) Men & Mice with API permissions:
    • API access configured
  3. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Men and Mice Endpoint
    2. Add IPAM Profile

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add Men and Mice Endpoint
    Add Men and Mice Endpoint
    Men and Mice Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Men & Mice version
    Hostname Men and Mice FQDN
    HTTPS Select whether or not Men & Mice is HTTPS
    Port Men and Mice port number
    Credential Configuration for Men and Mice Endpoint
    Create credential?

    Check the checkbox to create a new credential configuration

    Leave unchecked to choose from existing credentials

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique credential name

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    User's password

    IPAM Configuration
    Device custom properties

    Add in any custom device properties (e.g. comments) used for Men & Mice IPAM

    Can be templated: SovLabs Template Engine

  3. Create the IPAM Profile

Core module - IPAM

View features and compatibility

Prerequisites

  1. Install IPAM client on Microsoft IPAM (target or proxy) server:
    1. Server Manager > Manage > Add Roles and Features
    2. Accept defaults and click Next until the Features option
    3. Expand Remote Server Administration Tools > expand Feature Administration Tools
    4. Select IP Address Management (IPAM) Client
    5. Confirm and click Install
  2. Enable non-local administrators to run IPAM cmdlets
  3. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Microsoft Endpoint
    2. Add IPAM Profile
    3. Add SovLabs vCenter Endpoint

Setup

  1. Login to the vRA tenant
  2. Perform this step only if using VMware Tools to connect to a jump server or target Microsoft IPAM server
    • On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
      Add vCenter Endpoint
      SovLabs vCenter Endpoint
      FieldValue
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Version Choose the appropriate vCenter version
      Platform Service Controller (FQDN)

      *Shown when 'Version' is 6+

      Type in the PSC FQDN
      Is the PSC embedded on the vCenter server?

      *Shown when 'Version' is 6+

      vCenter hostname (FQDN)

      *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x

      Type in the vCenter server FQDN
      Credential Configuration for vCenter Endpoint
      Create credential?

      Uncheck the checkbox to choose from existing vCenter Endpoint credentials

      Check the checkbox to create a new credential

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Username

      *Shown when 'Create credential' is checked

      Username (user@example.com)

      Password

      *Shown when 'Create credential' is checked

      User's password

  3. On the Catalog page, click on the Request button for Add Microsoft Endpoint
    Add Microsoft Endpoint
    Microsoft Endpoint

    A Windows 2012 R2 jump server or domain controller that is utilized by the SovLabs plugin for a target AD, DNS, and/or IPAM server

    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Connection method Connection method to connect to the target or proxy Microsoft server
    vCenter Endpoint

    *Shown if 'Connection method' is vmware-tools

    Select a previously added SovLabs vCenter Endpoint in Step 2

    VM Name as it appears in vCenter

    *Shown if 'Connection method' is vmware-tools

    Type in the VM name of the Microsoft AD server

    Is a jump server?

    Jump servers are limited to SSH daemon connection methods only or VMware Tools

    Choose whether or not to utilize a jump server to make remote commands to the target AD server

    Jump server

    *Shown if 'Is a jump server' is checked

    Type in the jump server FQDN or IP Address for the target AD server

    Remote server

    *Shown if 'Is a jump server' is checked

    Type in the target AD server

    Uses non-standard port? Select the checkbox if WinRM or SSH daemon was configured to listen on a non-standard port
    Port

    *Shown when 'Uses non-standard port' is checked

    Port number
    Credential Configuration for Microsoft Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing Microsoft Endpoint credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (user@example.com)

    Password

    *Shown when 'Create credential' is checked

    User's password

    Advanced Configuration
    Temporary directory where scripts will be placed If not provided, will default to C:\Windows\temp
    Share path for temporary directory to access

    Define if administrative shares are not available

    Type in path\share instead of \\share-server\path\share

  4. Create the IPAM Profile

Core module - IPAM

View features and compatibility

Prerequisites

  1. Must have SolarWinds 4.5.1 in order to make REST API calls
    • API access configured
  2. SolarWinds 4.3.x and 4.4.x will utilize the SolarWinds database
    • Database credentials for the SolarWinds database with permissions to execute SET/GET queries
  3. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add SolarWinds Endpoint
    2. Add IPAM Profile

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add SolarWinds Endpoint
    Add SolarWinds Endpoint
    SolarWinds IP Address Manager Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version

    SolarWinds version

    IP Address Manager Hostname

    *Shown when version is 4.5.1+

    SolarWinds IP Address Manager FQDN
    HTTPS

    *Shown when version is 4.5.1+

    Select whether or not the SolarWinds IP Address Manager is HTTPS
    Port

    *Shown when version is 4.5.1+

    SolarWinds IP Address Manager
    Database hostname

    *Shown when version is 4.3.x, 4.4.x

    SolarWinds database FQDN
    Database name

    *Shown when version is 4.3.x, 4.4.x

    The database name, defaults to SolarWindsOrion
    Database port

    *Shown when version is 4.3.x, 4.4.x

    SolarWinds Database port number
    Credential Configuration for SolarWinds IP Address Manager
    Create credential?

    Check the checkbox to create a new credential configuration

    Leave unchecked to choose from existing credentials

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique credential name

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    User's password

    DNS Configuration
    Primary DNS Server IP Address

    *Skip if not using the SovLabs SolarWinds DNS module

    Type in the Primary DNS server IP Address

    *For Microsoft DNS, any authoritative DNS server.

    For BIND, the primary authoritative DNS server.

    IPAM Configuration
    IPAM comment field

    Type in an IP Address' comment when reserved

    Can be templated: SovLabs Template Engine

  3. Create the IPAM Profile

IPAM Profile

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add IPAM Profile
    Add IPAM Profile
    IPAM Profile
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Description

    *Optional

    Description of IPAM profile

    IPAM type Select the desired IPAM type
    Provider host

    *Auto-populates after an IPAM type is selected. If nothing is available, please make sure to have added an IPAM type endpoint

    Select the desired IPAM type endpoint

    Subnets, Gateways and Network names Subnet: X.X.X.X/CIDR
    Gateway: X.X.X.X
    Network Name: Corresponds to the VMware port group name in vCenter to be configured on the VM for this nic. Please refer to your vCenter configuration to identify what this value should be (vSphere Client > Networking > Portgroups).

    Can be templated: SovLabs Template Engine

    1. Type in a subnet and its gateway and network name (all comma separated) into the input field

      (e.g. 10.0.0.0/24, 10.0.0.1, networkName)

    2. Click the green to add the entry into the array
    3. Repeat Steps 1-2 until all desired subnets for the IPAM profile are entered
    Excluded IPs Enter all IPs to be excluded (e.g. 10.0.0.1)
    NIC number Enter in a NIC number (0-9) for this IPAM profile
    Primary DNS Input the Primary DNS
    Secondary DNS Input the Secondary DNS
    DNS suffix Input the DNS suffix
    DNS search suffix Input the DNS search suffix(es) (comma separated)
    Primary WINS Input the Primary WINS
    Secondary WINS Input the Secondary WINS

Usage

  1. Login to the vRA tenant
  2. Click on the Infrastructure tab > Reservations > Network Profiles
  3. Hover over the network profile that best matches the network for the IPAM and click Edit
    1. On the Network Profile Information tab in the DNS/WINS section, verify that the DNS Suffix is set
    2. Click OK
  4. Click on the Reservation menu item from Infrastructure tab > Reservations
  5. Hover over the reservation in association with the network profile from Step 3 and click Edit
    1. Click on the Network tab
    2. Keep one network path checked and uncheck the rest, if any
    3. Clear the all Network Profile dropdown values (that were associated with the network path(s)) by selecting the empty select option
    4. Click OK
  6. Click on the Design tab > Blueprints
  7. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for IPAM:

      Starts with SovLabs-IPAMProfile- and ends with -nic#

      Do not attach more than 1 IPAM property group to a blueprint with the same nic number

  8. Repeat Step 7 for all desired blueprints

Skip IP in Use

Enable the feature to skip IP addresses that are marked free on IPAM, but are actually found to be in use on the network.

Prerequisites

  1. Custom Naming licensed and Custom Naming vRA Property Group is attached to vRA blueprint
  2. Optionally, Notifications licensed to send warning emails

Optionally, set up SovLabs Notification

Skip this section to not receive warning emails

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add Notification Configuration
    Add Notification Configuration
    Notification Configuration

    A notification configuration holds all the necessary information to send notifications

    FieldValue
    Type Select the notification type: SovLabs IPAM
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    *Please keep as auto-generated label

    State SUCCESS and ERROR are checked by default and is a read-only field
    Message type Select the notification message type
    Format Select the desired format
    From address The address that will be sending the notification

    Can be templated: SovLabs Template Engine

    Title Notification title

    Can be templated: SovLabs Template Engine

    Body Body message - defaulted to standard templates. Please update accordingly

    Can be templated: SovLabs Template Engine

    Message Server configuration
    New Message Server?

    Check the checkbox to create a new message server

    Uncheck to choose an existing message server

    Message Server

    *Shown when 'New Message Server' is unchecked

    Select the desired message server from a list of existing message servers
    Message server configuration label

    *Shown when 'New Message Server' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Message Server Address

    *Shown when 'New Message Server' is checked

    Message Server address

    Enable SSL?

    *Shown when 'New Message Server' checked

    Choose whether or not SSL is enabled on the message server
    Message Server port

    *Shown when 'New Message Server' is checked

    Message Server port

    Common ports: (please verify with administrator or provider)

    • SMTP: 25, 465 (SSL), 587 (STARTTLS)
    • IMAP: 143 or 993 (SSL)
    Message Server protocol

    *Shown when 'New Message Server' is checked

    Select the appropriate protocol
    Enable credential?

    *Shown when 'New Message Server' is checked

    Select whether credentials are enabled on the message server
    Create credential?

    Uncheck the checkbox to choose from existing Message Server credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Enable credential' is checked and 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials for the Message Server

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    Username's password

    Enable STARTTLS?

    *Shown when 'New Message Server' is checked and 'Message Type' is Email

    Select whether or not to enable STARTTLS

    Network timeout Defaulted to 6000
    Email Group configuration

    *Shown when the 'Message Server Type' is Email

    New Email Group?

    Check the checkbox to create a new email group

    Uncheck to choose an existing email group

    Email Group

    *Shown when 'New Email Group' is unchecked

    Select the desired email group from a list of existing email groups
    Email Group configuration label

    *Shown when 'New Email Group' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    To addresses

    *Shown when New Email Group is checked

    Enter all the email addresses to send the notifications to

    Can be templated: SovLabs Template Engine

    CC addresses

    *Shown when New Email Group is checked

    Enter all the email addresses to CC the notifications to

    Can be templated: SovLabs Template Engine

    BCC addresses

    *Shown when New Email Group is checked

    Enter all the email addresses to BCC the notifications to

    Can be templated: SovLabs Template Engine

  3. A notification group does not have to be added since it will be auto-generated. The auto-generated notification group does not have to be attached to the vRA blueprint
  4. Do not create more than 1 Notification Configuration of type SovLabs IPAM

Usage for SovLabs Skip IP in Use

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Custom Properties section, add the vRA property:

      Name: SovLabs_IPAMSkipInUseIP and Value: true

      Changing the value to false does not disable this feature.

  4. Verify that a SovLabs Custom Naming vRA Property Group is attached
  5. Repeat Step 3 and 4 for all desired blueprints

Disable SovLabs Skip IP in Use

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Custom Properties section, remove the vRA property:

      SovLabs_IPAMSkipInUseIP

  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for IPAM:

      Starts with SovLabs-IPAMProfile- and ends with -nic#

  4. Repeat Step 3 for all desired blueprints

Metadata Management

View features and compatibility

Quick Start Process

  1. Define Property Set(s) on existing blueprint(s)
  2. Provision!

Setup

Property names and values can be templated using the SovLabs Template Engine

  1. Login to the vRA tenant
  2. Click on the Administration tab > Property Dictionary
  3. Click on Property Group
  4. Click on +New
    • Name: Provide a name for the Property Group
    • Properties: Click on +New to add a new property:
      • Name:
        • Always prefix the name with SovLabs_CreateProperties_ (e.g. SovLabs_CreateProperties_Location)
        • Multiple properties can be attached as long as the suffix is unique

      • Value: Multiple properties can exist on each property and must be in one of the following 4 formats
        1. Single Object (JSON format)
          Example
          • Format

            {
                                                 "name": "foo",
                                                 "value": "bar",
                                                 "hidden": false,
                                                 "runtime": false,
                                                 "encrypted": false,
                                                 "doNotUpdate": false
                                                }
                                                
          • Description

            • name is the name of the Property
            • value is the value of the Property
            • Optional fields may be omitted: hidden, runtime, encrypted and doNotUpdate
            • hidden, runtime, encrypted and doNotUpdate all default to false
            • runtime refers to Show in request? for a property
        2. Array
          Example
          • Format

            [
                                                 "foo", //name
                                                 "bar", //value
                                                 false, //hidden
                                                 false, //runtime
                                                 false, //encrypted
                                                 false  //doNotUpdate
                                                ]
                                                
          • Description

            • name is the name of the Property
            • value is the value of the Property
            • Optional fields may be omitted: hidden, runtime, encrypted and doNotUpdate
            • hidden, runtime, encrypted and doNotUpdate all default to false
            • runtime refers to Show in request? for a property
        3. Array of Single Objects (JSON format)
          Example
          • Format

            [
                                                 {
                                                  "name": "foo",
                                                  "value": "bar",
                                                  "hidden": false,
                                                  "runtime": false,
                                                  "encrypted": false,
                                                  "doNotUpdate": false
                                                 },
                                                 {
                                                  "name": "hello",
                                                  "value": "world",
                                                  "hidden": true,
                                                  "runtime": false,
                                                  "encrypted": true,
                                                  "doNotUpdate": false
                                                 }
                                                ]
                                                
          • Description

            • name is the name of the Property
            • value is the value of the Property
            • Optional fields may be omitted: hidden, runtime, encrypted and doNotUpdate
            • hidden, runtime, encrypted and doNotUpdate all default to false
            • runtime refers to Show in request? for a property
        4. Array of an Array
          Example
          • Format

            [
                                                 [
                                                  "foo", //name
                                                  "bar", //value
                                                  false, //hidden
                                                  false, //runtime
                                                  false, //encrypted
                                                  false  //doNotUpdate
                                                 ],
                                                 [
                                                  "hello", //name
                                                  "world", //value
                                                  true, //hidden
                                                  false, //runtime
                                                  false, //encrypted
                                                  true  //doNotUpdate
                                                 ]
                                                ]
                                                
          • Description

            • name is the name of the Property
            • value is the value of the Property
            • Optional fields may be omitted: hidden, runtime, encrypted and doNotUpdate
            • hidden, runtime, encrypted and doNotUpdate all default to false
            • runtime refers to Show in request? for a property
    • Encrypted: Select whether or not the property should be encrypted
    • Show in Request: Select whether or not the Property Group should be shown in the blueprint request
  5. Save

Usage

Apply to vRA Blueprints

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for SovLabs Property Toolkit that was created

  4. Repeat Step 3 for all desired blueprints

Managing vRA Properties on multiple VMs

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Manage Properties
    Manage Properties
    SovLabs Property Toolkit - Manage Properties
    FieldValue
    Hostname filter

    *Regex and wildcards are not supported

    Type in a part of the hostname to filter out VMs by hostname

    Property filter

    *Regex and wildcards are not supported

    Type in a VM property name and value to filter out VMs by custom properties

    Business Group filter

    *Regex and wildcards are not supported

    Type in the vRA Business Group name to filter out VMs by vRA Business Group(s)
    Selected VMs Select and move VMs to the right to affect properties on those VMs
    Action Select whether to Create, Update or Delete property on the selected VMs
    Property Name

    Type in the Property name to create, update or delete

    Property Value

    *Not shown for Create New Property action

    Type in the (new) Property value

    Hidden

    *Not shown for Create New Property action

    Select whether or not to hide the property.

    Encrypted

    *Not shown for Create New Property action

    Select whether or not to encrypt the property

    Show in Request

    *Not shown for Create New Property action

    Select whether or not to show the property in the request

    Confirm action

    *Not shown for Create New Property action

    Type in the Action field text to confirm

End-user Managing vRA Properties for VMs

  1. Login to the vRA tenant
  2. Click on the Items tab and select Machines
  3. Select the desired VM and click on Actions on the top column of the VM list
  4. Select Manage Properties (SovLabs Property Toolkit)
    Manage Properties
    Manage Properties (SovLabs Property Toolkit)
    FieldValue
    Action Select whether to Create, Update or Delete property on the selected VMs
    Property Picker Select the VM Property to manage
    Property Name

    Type in the Property name to create, update or delete

    Property Value

    *Not shown for Create New Property action

    Type in the (new) Property value

    Hidden

    *Not shown for Create New Property action

    Select whether or not to hide the property.

    Encrypted

    *Not shown for Create New Property action

    Select whether or not to encrypt the property

    Show in Request

    *Not shown for Create New Property action

    Select whether or not to show the property in the request

Lifecycle

Properties are created during the following stages of the VM lifecycle via vRealize Automation Event Broker Subscriptions:

  • Machine Requested
  • Machine Provisioned

Disable

Removing from vRA Blueprints

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for SovLabs Property Toolkit that was created
  4. Repeat Step 3 for all desired blueprints

Preventing Manage Properties on VM(s)

  • Once the process to create/update/delete a property on VM(s) has started, it cannot be stopped.
  • To prevent the requester from Managing Properties on VM(s), remove the entitlement

vSphere

View features and compatibility

Quick Start Process

  1. Define vSphere vCenter Endpoint(s)
  2. Define DRS Profile(s)
  3. Apply to existing blueprint(s)
  4. Provision!

Prerequisites

  1. vSphere vCenter(s) are properly configured
  2. Cluster(s) and host group(s) are properly configured
  3. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add SovLabs vCenter Endpoint
    2. Add DRS Profile

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add vCenter SovLabs Endpoint
    Add vCenter Endpoint
    SovLabs vCenter Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Choose the appropriate vCenter version
    Platform Service Controller (FQDN)

    *Shown when 'Version' is 6+

    Type in the PSC FQDN
    Is the PSC embedded on the vCenter server?

    *Shown when 'Version' is 6+

    vCenter hostname (FQDN)

    *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x

    Type in the vCenter server FQDN
    Credential Configuration for vCenter Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing vCenter Endpoint credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (user@example.com)

    Password

    *Shown when 'Create credential' is checked

    User's password

  3. On the Catalog page, click on the Request button for Add DRS Profile
    Add DRS Profile
    DRS Profile
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    vCenter Endpoint Select the desired SovLabs vCenter endpoint
    Cluster Select from auto-generated list of vCenter clusters when the vCenter Endpoint is selected
    Host group Select from auto-generated list of vCenter host groups when the vCenter Endpoint is selected
    Rule Select the DRS rule:
    • Must run on host group
    • Should run on host group
    • Must not run on host group
    • Should not run on host group

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for vSphere DRS:

      Starts with SovLabs-DRS-

      Do not attach more than 1 vSphere DRS property group to a vRA blueprint

  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for vSphere DRS:

      Starts with SovLabs-DRS-

  4. Repeat Step 3 for all desired blueprints

vSphere

View features and compatibility

Quick Start Process

  1. Define vSphere vCenter Endpoint(s)
  2. Define vRA IaaS and vRA CAFE Endpoint
  3. Define Notification Configuration
  4. Define Notification Group
  5. Define Snapshot Configuration

Prerequisites

  1. vSphere vCenter(s) are properly configured
  2. Cluster(s) and host group(s) are properly configured
  3. If utilizing an email server, gather the following details:
    • IP Address/hostname of the email server
    • Is the service SMTP or IMAP?
    • Credential details (username/password)
    • Whether SSL/TLS or STARTTLS is required to send emails through your email server
    • Port # of SMTP or IMAP service on that host

      Common ports: (please verify with administrator or provider)

      • SMTP: 25, 465 (SSL), 587 (STARTTLS)
      • IMAP: 143 or 993 (SSL)
  4. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add SovLabs vCenter Endpoint
    2. Add SovLabs vRA CAFE Endpoint
    3. Add SovLabs vRA IaaS Endpoint
    4. Add Snapshot Configuration
    5. Add Notification Configuration
    6. Add Notification Group
    7. Manage Snapshot Scheduler

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
    Add vCenter Endpoint
    SovLabs vCenter Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Choose the appropriate vCenter version
    Platform Service Controller (FQDN)

    *Shown when 'Version' is 6+

    Type in the PSC FQDN
    Is the PSC embedded on the vCenter server?

    *Shown when 'Version' is 6+

    vCenter hostname (FQDN)

    *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x

    Type in the vCenter server FQDN
    Credential Configuration for vCenter Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing vCenter Endpoint credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (user@example.com)

    Password

    *Shown when 'Create credential' is checked

    User's password

  3. On the Catalog page, click on the Request button for Add SovLabs vRA CAFE Endpoint
    Add SovLabs vRA CAFE Endpoint
    SovLabs vRA CAFE Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Read-only field based on querying vRA CAFE from the vRA tenant
    Hostname (FQDN) Auto-generated based on querying vRA CAFE. Please verify
    Credential Configuration for vRA CAFE Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing vRA CAFE credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (user@example.com)

    Password

    *Shown when 'Create credential' is checked

    User's password

  4. On the Catalog page, click on the Request button for Add SovLabs vRA IaaS Endpoint
    Add SovLabs vRA IaaS Endpoint
    SovLabs vRA IaaS Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Read-only field based on querying vRA IaaS from the vRA tenant
    Hostname (FQDN) Auto-generated based on querying vRA IaaS. Please verify
    Credential Configuration for vRA IaaS Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing vRA CAFE credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (username only, no domain)

    Password

    *Shown when 'Create credential' is checked

    User's password

  5. On the Catalog page, click on the Request button for Add Notification Configuration
    Add Notification Configuration
    Notification Configuration

    A notification configuration holds all the necessary information to send notifications

    FieldValue
    Type Select SNAPSHOT
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    State Select whether or not to send notifications when a new snapshot is found NEW,
    when a snapshot is going to be deleted WARNING,
    and/or when a snapshot has been deleted DELETE
    Message type Select the notification message type
    Format Select the desired format
    From address The address that will be sending the notification

    Can be templated: SovLabs Template Engine

    Title Notification title

    Can be templated: SovLabs Template Engine

    Body Body message - defaulted to standard templates. Please update accordingly

    *For a WebService, the only payload accepted is a JSON payload

    Can be templated: SovLabs Template Engine

    Message Server configuration
    New Message Server?

    Check the checkbox to create a new message server

    Uncheck to choose an existing message server

    Message Server

    *Shown when 'New Message Server' is unchecked

    Select the desired message server from a list of existing message servers
    Message server configuration label

    *Shown when 'New Message Server' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Message Server Address

    *Shown when 'New Message Server' is checked

    Message Server address

    NOTE: for a WebService, the request body is used as type JSON to deliver data to the web service it is connecting to.

    The address will not be modified by SovLabs' module to provide data via the URL. If the request is directed at a specific method for the call please include that as part of the address parameter.

    *If the WebService address is: webserver.domain.com and the URL directive for method is: /logmessage, the resulting Message server address should be: webserver.domain.com/logmessage

    Enable SSL?

    *Shown when 'New Message Server' checked

    Choose whether or not SSL is enabled on the message server
    Message Server port

    *Shown when 'New Message Server' is checked

    Message Server port

    Common ports: (please verify with administrator or provider)

    • SMTP: 25, 465 (SSL), 587 (STARTTLS)
    • IMAP: 143 or 993 (SSL)
    Message Server HTTP verb

    *Shown when New Message Server is checked and the Message type is WebService

    Select the HTTP Verb

    Any HTTP verb used must be assumed to use the JSON body content to properly direct the server's behavior. The Notifications module does not modify URL with parameters.

    Message Server protocol

    *Shown when 'New Message Server' is checked

    Select the appropriate protocol
    Enable credential?

    *Shown when 'New Message Server' is checked

    Select whether credentials are enabled on the message server
    Create credential?

    Uncheck the checkbox to choose from existing Message Server credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Enable credential' is checked and 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials for the Message Server

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    Username's password

    Enable STARTTLS?

    *Shown when 'New Message Server' is checked and 'Message Type' is Email

    Select whether or not to enable STARTTLS

    Network timeout Defaulted to 6000
    Email Group configuration

    *Shown when the 'Message Server Type' is Email

    New Email Group?

    Check the checkbox to create a new email group

    Uncheck to choose an existing email group

    Email Group

    *Shown when 'New Email Group' is unchecked

    Select the desired email group from a list of existing email groups
    Email Group configuration label

    *Shown when 'New Email Group' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    To addresses

    *Shown when New Email Group is checked

    Enter all the email addresses to send the notifications to

    Can be templated: SovLabs Template Engine

    CC addresses

    *Shown when New Email Group is checked

    Enter all the email addresses to CC the notifications to

    Can be templated: SovLabs Template Engine

    BCC addresses

    *Shown when New Email Group is checked

    Enter all the email addresses to BCC the notifications to

    Can be templated: SovLabs Template Engine

  6. On the Catalog page, click on the Request button for: Add Notification Group Configuration
    Add Notification Group Configuration
    Notification Group Configuration

    A Notification Group configuration holds multiple notification configurations

    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    Type Select SNAPSHOT
    Notifications Select all Snapshot notification configurations filtered this notification group
  7. On the Catalog page, click on the Request button for: Add Snapshot Configuration
    Add Snapshot Configuration
    Snapshot Configuration

    A Snapshot configuration represents configurations for vSphere Snapshot Management

    FieldValue
    vCenter Endpoints defined? Read-only field, should say "Yes". SovLabs vCenter Endpoints must be defined prior to submitting this form.
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    SovLabs vRA CAFE Endpoint Select the desired SovLabs vRA CAFE endpoint. Make sure to define SovLabs vRA CAFE endpoint(s) prior to.
    SovLabs vRA IaaS Endpoint Select the desired SovLabs vRA IaaS endpoint. Make sure to define SovLabs vRA IaaS endpoint(s) prior to.
    Notification Group Select the desired Notification Group. Make sure to define Notification Group(s) with type SNAPSHOT prior to.
    VMs for all vRA Business Groups? Select whether or not to manage snapshots for all vRA Business Groups defined for this vRA tenant.
    Filter VMs by vRA Business Group(s)

    *Shown when 'VMs for all vRA Business Groups?' is checked

    Select all desired vRA Business Group(s) to manage snapshots for

    Snapshot lifespan (days) Define a snapshot's lifespan in number of days
    Expiration warning notification(s) Define when to send warning notifications in number of days from expiration
    Snapshot lifespan (days) Define a snapshot's lifespan in number of days
    Exclusions by VM Name
    Regular Expression Patterns

    Exclude VMs from Snapshot Management with Java Regex matches on VM names.

    *For the order of precedence for Snapshot management bypass, this is the first.

    Example: ^*-test-*

    Reference: Regular Expression

    Simple String Patterns

    Exclude VMs from Snapshot Management with string patterns on VM names.

    *For the order of precedence for Snapshot management bypass, this is the second.

    Example: test

    Exclusions by Snapshot Name
    Regular Expression Patterns

    Exclude VMs from Snapshot Management with Java Regex matches on snapshot names.

    *For the order of precedence for Snapshot management bypass, this is the third.

    Example: ^*note-managed*

    Reference: Regular Expression

    Simple String Patterns

    Exclude VMs from Snapshot Management with string patterns on snapshot names.

    *For the order of precedence for Snapshot management bypass, this is the fourth.

    Example: DONOTDELETE

    Click "Next"

    FieldValue
    Snapshot Scheduler
    All scheduling will be executed in the vRO instance timezone Read-only field that depicts vRealize Orchestrator's timezone. When defining a schedule for snapshot management, please convert your desired scheduled time(s) to be aligned with vRO's timezone.
    Schedule is active? Defaulted to "Yes". At a later time, can specify a specific Snapshot Configuration to be inactive by unchecking the checkbox and will not run for the specific Snapshot Configuration
    Schedule type Define when to run this Snapshot Configuration: Daily, Weekly, Monthly, or Run once
    Daily
    Weekly
    Monthly
    Run once

    Daily: hh:mm in military time

    Weekly: EEE hh:mm where EEE is Mon, Tue, Wed, Thu, Fri, Sat, Sun and hh:mm is in military time

    Monthly: dd hh:mm where dd is the day of the month 01-31 and hh:mm is in military time

    Run once: Select a specific date and time to run. Will only run once.

    Schedule end date *Optional: Select a date when to end this Snapshot Configuration scheduled task

Usage

  • An inventory will run and send out notifications appropriately.
  • If a snapshot's age has met the expiration day, it will automatically delete the snapshot.
  • The last SovLabs Snapshot Configuration deleted will delete the vRealize Orchestrator scheduled task for Snapshot Management
  • To resume previously suspended SovLabs vSphere Snapshot configurations:
    1. Login to the vRA tenant
    2. Click on the Catalog tab
    3. Click on Manage Snapshot Scheduler:
      1. Click on the desired action Resume
      2. Click Submit

Disable

  1. Login to the vRA tenant
  2. Click on the Catalog tab
  3. Click on Manage Snapshot Scheduler:
    1. Click on the desired action Suspend
    2. Click Submit

vSphere

View features and compatibility

Quick Start Process

  1. Define VM tag properties on existing blueprint(s)
  2. Provision!

Setup

The SovLabs VM Tagging module is solely driven through vRA custom properties.

Property names and values can be templated using the SovLabs Template Engine

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
    Add vCenter Endpoint
    SovLabs vCenter Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Choose the appropriate vCenter version
    Platform Service Controller (FQDN)

    *Shown when 'Version' is 6+

    Type in the PSC FQDN
    Is the PSC embedded on the vCenter server?

    *Shown when 'Version' is 6+

    vCenter hostname (FQDN)

    *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x

    Type in the vCenter server FQDN
    Credential Configuration for vCenter Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing vCenter Endpoint credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (user@example.com)

    Password

    *Shown when 'Create credential' is checked

    User's password

  3. Click on the Administration tab > Property Dictionary
  4. Click on Property Group
  5. Click on +New
    • Name: Provide a name for the Property Group
    • Properties: Click on +New to add a new property:
      • Name:
        • Always prefix the name with SovLabs_CreateTags_VMW_ (e.g. SovLabs_CreateTags_VMW_Location)
        • Multiple properties can be attached as long as the suffix is unique

      • Value: Multiple properties can exist on each property and must be in one of the following 4 formats
        1. Single Object (JSON format)
          Example
          • Format

            {
                                                 "name": "foo",
                                                 "category": "bar",
                                                 "cardinalitySingle": false,
                                                 "tagDescription": "desc",
                                                 "categoryDescription": "desc 2"
                                                }
                                                
          • Description

            • name is the name of the Tag
            • value is the name of the Tag Category
            • Optional fields may be omitted: cardinalitySingle, tagDescription and categoryDescription
        2. Array
          Example
          • Format

            [
                                                 "foo", //name
                                                 "bar", //category
                                                 false, //cardinalitySingle
                                                 "desc", //tagDescription
                                                 "desc 2", //categoryDescription
                                                ]
                                                
          • Description

            • name is the name of the Tag
            • value is the name of the Tag Category
            • Optional fields may be omitted: cardinalitySingle, tagDescription and categoryDescription
        3. Array of Single Objects (JSON format)
          Example
          • Format

            [
                                                 {
                                                  "name": "foo",
                                                  "category": "bar",
                                                  "cardinalitySingle": false,
                                                  "tagDescription": "desc",
                                                  "categoryDescription": "desc 2"
                                                 },
                                                 {
                                                  "name": "hello",
                                                  "category": "world",
                                                  "cardinalitySingle": true,
                                                  "tagDescription": "desc 3",
                                                  "categoryDescription": "desc 4"
                                                 }
                                                ]
                                                
          • Description

            • name is the name of the Tag
            • value is the name of the Tag Category
            • Optional fields may be omitted: cardinalitySingle, tagDescription and categoryDescription
        4. Array of an Array
          Example
          • Format

            [
                                                 [
                                                  "foo", //name
                                                  "bar", //category
                                                  false, //cardinalitySingle
                                                  "desc", //tagDescription
                                                  "desc 2", //categoryDescription
                                                 ],
                                                 [
                                                  "hello", //name
                                                  "world", //category
                                                  false, //cardinalitySingle
                                                  "desc 3", //tagDescription
                                                  "desc 4", //categoryDescription
                                                 ]
                                                ]
                                                
          • Description

            • name is the name of the Tag
            • value is the name of the Tag Category
            • Optional fields may be omitted: cardinalitySingle, tagDescription and categoryDescription
    • Encrypted: Select whether or not the property should be encrypted
    • Show in Request: Select whether or not the Property Group should be shown in the blueprint request
  6. Save

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for SovLabs VM Tagging that was created

  4. Repeat Step 3 for all desired blueprints

Lifecycle

Provisioning

  • When a tagged VM is provisioned, the VM’s relationship to the Tag is created
  • If the Tag Category does not exist, it will be created in vCenter
  • If the Tag does not exist, it will be created in vCenter

*If the property name or value resolves to an empty string it will be skipped.

De-provisioning

  • When a tagged VM is destroyed, the VM’s relationship to the Tag is also removed
  • Tags are not removed from vCenter upon VM removal
  • Categories are not removed from vCenter upon VM removal

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for SovLabs VM Tagging that was created
  4. Repeat Step 3 for all desired blueprints

Backup as a Service Management

View features and compatibility

Quick Start Process

  1. Define Cohesity Cluster Endpoint(s)
  2. Configure Cohesity Backup Profile
  3. Define Notification Configuration for Cohesity
  4. Apply Backup Profile to existing blueprint(s)
  5. Provision and recover VMs!

Prerequisites

  1. Cohesity Cluster is properly configured
  2. All Linux VMs protected by Cohesity must have the following installed:
    • rsync
    • nfs-utils
    • nfs-utils-lib
    • lsof
  3. Service account with Administrative privileges on the Cohesity Cluster(s)
  4. Email notification:
    1. User account with permissions to the email servers desired
    2. If utilizing an email server, gather the following details:
      • IP Address/hostname of the email server
      • Is the service SMTP or IMAP?
      • Credential details (username/password)
      • Whether SSL/TLS or STARTTLS is required to send emails through your email server
      • Port # of SMTP or IMAP service on that host

        Common ports: (please verify with administrator or provider)

        • SMTP: 25, 465 (SSL), 587 (STARTTLS)
        • IMAP: 143 or 993 (SSL)
  5. Existing Protection Job(s) on the Cohesity Cluster(s)
  6. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Cohesity Cluster Endpoint
    2. Add Cohesity Backup Profile
    3. Add Notification Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add Cohesity Cluster Endpoint
    Add Cohesity Cluster Endpoint
    Cohesity Cluster Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Select the Cohesity Cluster version
    Hostname Cohesity Cluster hostname (FQDN or IP address)
    HTTPS? Choose whether or not the Cohesity Cluster is HTTPS
    Port Cohesity Cluster port number
    Credential Configuration for Cohesity Cluster Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing Cohesity Endpoint credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (no domain)

    Password

    *Shown when 'Create credential' is checked

    User's password

  3. On the Catalog page, click on the Request button for Add Cohesity Backup Profile
    Cohesity Backup Profile
    Cohesity Backup Profile
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Cohesity Cluster Endpoint Select the desired Cohesity Cluster Endpoint
    Get Protection Jobs from list?

    Check the checkbox to get an auto-generated list based on Cohesity Cluster Endpoint selected.

    Uncheck the checkbox to manually define Protection Jobs.

    Protection Jobs

    If Get Protection Jobs from list? is checked:
    *Auto-generated list based on Cohesity Cluster Endpoint selected

    Select a Protection Job from the left column and click on the right arrow to move it to the right column.

    Repeat for all desired Protection Jobs

    If Get Protection Jobs from list? is unchecked:
    Manually type in any additional Protection Jobs. Can be templated: SovLabs Template Engine

    *Please keep the default value provided to allow End-user to select a Cohesity Protection Job at Request Time

  4. On the Catalog page, click on the Request button for Add Notification Configuration
    Add Notification Configuration
    Notification Configuration

    A notification configuration holds all the necessary information to send notifications

    FieldValue
    Type Select Backup as a Service - Cohesity
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    State

    *Please keep both SUCCESS and ERROR checked

    Message type

    *Please keep as Email

    Format Select the desired format
    From address Type the email address that will be sending the notification

    Can be templated: SovLabs Template Engine

    Title

    *Auto-generated Notification title

    Can be templated: SovLabs Template Engine

    Body Body message - defaulted to standard templates. Please update accordingly

    Can be templated: SovLabs Template Engine

    Message Server configuration
    New Message Server?

    Check the checkbox to create a new message server

    Uncheck to choose an existing message server

    Message Server

    *Shown when 'New Message Server' is unchecked

    Select the desired message server from a list of existing message servers
    Message server configuration label

    *Shown when 'New Message Server' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Message Server Address

    *Shown when 'New Message Server' is checked

    Message Server address (SMTP or IMAP host)

    Enable SSL?

    *Shown when 'New Message Server' checked

    Choose whether or not SSL is enabled on the message server
    Message Server port

    *Shown when 'New Message Server' is checked

    Message Server port

    Common ports: (please verify with administrator or provider)

    • SMTP: 25, 465 (SSL), 587 (STARTTLS)
    • IMAP: 143 or 993 (SSL)
    Message Server protocol

    *Shown when 'New Message Server' is checked

    Select the appropriate protocol
    Enable credential?

    *Shown when 'New Message Server' is checked

    Select whether credentials are enabled on the message server
    Create credential?

    Uncheck the checkbox to choose from existing Message Server credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Enable credential' is checked and 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials for the Message Server

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    Username's password

    Enable STARTTLS?

    *Shown when 'New Message Server' is checked and 'Message Type' is Email

    Select whether or not to enable STARTTLS

    Network timeout Defaulted to 6000
    Email Group configuration
    New Email Group?

    Check the checkbox to create a new email group

    Email Group configuration label

    *Please keep as auto-generated label

    To addresses

    *Please keep auto-generated value

    Enter all additional email addresses to send the notifications to

    Can be templated: SovLabs Template Engine

    CC addresses

    Enter all the email addresses to CC the notifications to

    Can be templated: SovLabs Template Engine

    BCC addresses

    Enter all the email addresses to BCC the notifications to

    Can be templated: SovLabs Template Engine

    Only add 1 Notification Configuration for Cohesity

    No further action is necessary to set up SovLabs Notifications for Cohesity Backup as a Service module. The Notification Configuration for Cohesity may be updated any time

  5. Do not add a Notification Group. A notification group for Cohesity Notification Configuration gets auto-generated. The Cohesity Notification Group is not visible in vRA and gets deleted when the Notification Configuration for Cohesity is deleted

Usage

Apply to vRA blueprint(s)

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for Cohesity Backup as a Service:

      Starts with SovLabs-Cohesity-

      Do not attach more than 1 Cohesity Backup as a Service property group to a vRA blueprint

  4. Repeat Step 3 for all desired blueprints
  5. Provision

End-user Usage

Provide a guide on how to perform Day 2 operations to end-users

Download User Guide

Enable End-user to Select a Protection Job at Request Time

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for Cohesity Backup as a Service:

      SovLabs-CohesitySelectProtectionJob

    4. In the Property Groups section, add the vRA property group for Cohesity Backup Profile that had the templated Protection Job {{ SovLabs_CohesitySelectProtectionJob }} defined:

      Starts with SovLabs-Cohesity-

  4. Repeat Step 3 for all desired blueprints
  5. Provision

Enable End-user to Recover Files and Folders

Allow the end-user to see the Recover Files and Folders (Cohesity) action on a VM:
  1. Add the action to the entitlement
    • Search text to type in the Name field is: Cohesity
    • Action to add is: Recover Files and Folders (Cohesity)

Enable End-user to Change Protection Job

Allow the end-user to see the Change Protection Job (Cohesity) action on a VM:
  1. Add the action to the entitlement
    • Search text to type in the Name field is: Cohesity
    • Action to add is: Change Protection Type (Cohesity)

Disable

Remove from vRA blueprint(s)

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Click the desired blueprint name to edit
  4. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for Cohesity Backup up as a Service:

      Starts with SovLabs-Cohesity-

  5. Repeat Step 3 for all desired blueprints

End-userSelect a Protection Job at Request Time

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Click the desired blueprint name to edit
  4. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for Cohesity Backup up as a Service:

      SovLabs-CohesitySelectProtectionJob

    4. In the Property Groups section, remove the vRA property group for Cohesity Backup Profile:

      Starts with SovLabs-Cohesity-

  5. Repeat Step 3 for all desired blueprints

End-userFile and Folder Recovery

Prevent the end-user from seeing the Recover Files and Folders (Cohesity) action on a VM:
  1. Remove the action from the entitlement
    • Action to remove is: Recover Files and Folders (Cohesity)

End-userChange Protection Job

Prevent the end-user from seeing the Change Protection Job (Cohesity) action on a VM:
  1. Remove the action from the entitlement
    • Action to remove is: Change Protection Job (Cohesity)

Backup as a Service Management

View features and compatibility

Quick Start Process

  1. Define Rubrik Cluster Endpoint(s)
  2. Configure Rubrik Backup Profile
  3. Define Notification Configuration for Rubrik
  4. Apply Backup Profile to existing blueprint(s)
  5. Provision and recover VMs!

Prerequisites

  1. Rubrik Cluster is properly configured
  2. Service account with Administrative privileges on the Rubrik Cluster(s)
  3. Email notification:
    1. User account with permissions to the email servers desired
    2. If utilizing an email server, gather the following details:
      • IP Address/hostname of the email server
      • Is the service SMTP or IMAP?
      • Credential details (username/password)
      • Whether SSL/TLS or STARTTLS is required to send emails through your email server
      • Port # of SMTP or IMAP service on that host

        Common ports: (please verify with administrator or provider)

        • SMTP: 25, 465 (SSL), 587 (STARTTLS)
        • IMAP: 143 or 993 (SSL)
  4. Existing SLA Domain(s) on the Rubrik Cluster(s)
  5. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Rubrik Cluster Endpoint
    2. Add Rubrik Backup Profile
    3. Add Notification Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add Rubrik Cluster Endpoint
    Add Rubrik Cluster Endpoint
    Rubrik Cluster Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Select the Rubrik Cluster version
    Hostname Rubrik Cluster hostname (FQDN or IP address)
    HTTPS? Rubrik Cluster is always HTTPS
    Port Rubrik Cluster port number
    Credential Configuration for Rubrik Cluster Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing Rubrik Endpoint credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (no domain)

    Password

    *Shown when 'Create credential' is checked

    User's password

  3. On the Catalog page, click on the Request button for Add Rubrik Backup Profile
    Rubrik Backup Profile
    Rubrik Backup Profile
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Rubrik Cluster Endpoint Select the desired Rubrik Cluster Endpoint
    Get SLA Domain from list?

    Check the checkbox to get an auto-generated list based on Rubrik Cluster Endpoint selected.

    Uncheck the checkbox to manually define SLA Domain.

    SLA Domain

    If Get SLA Domain from list? is checked:
    *Auto-generated list based on Rubrik Cluster Endpoint selected

    Select a SLA Domain

    If Get SLA Domain from list? is unchecked:
    Manually type in SLA Domain. Can be templated: SovLabs Template Engine

    *Please keep the default value provided to allow End-user to select a Rubrik SLA Domain at Request Time

  4. On the Catalog page, click on the Request button for Add Notification Configuration
    Add Notification Configuration
    Notification Configuration

    A notification configuration holds all the necessary information to send notifications

    FieldValue
    Type Select Backup as a Service - Rubrik
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    *Please keep as auto-generated label

    State

    *Please keep both SUCCESS and ERROR checked

    Message type

    *Please keep as Email

    Format Select the desired format
    From address Type the email address that will be sending the notification

    Can be templated: SovLabs Template Engine

    Title

    *Auto-generated Notification title

    Can be templated: SovLabs Template Engine

    Body Body message - defaulted to standard templates. Please update accordingly

    Can be templated: SovLabs Template Engine

    Message Server configuration
    New Message Server?

    Check the checkbox to create a new message server

    Uncheck to choose an existing message server

    Message Server

    *Shown when 'New Message Server' is unchecked

    Select the desired message server from a list of existing message servers
    Message server configuration label

    *Shown when 'New Message Server' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Message Server Address

    *Shown when 'New Message Server' is checked

    Message Server address (SMTP or IMAP host)

    Enable SSL?

    *Shown when 'New Message Server' checked

    Choose whether or not SSL is enabled on the message server
    Message Server port

    *Shown when 'New Message Server' is checked

    Message Server port

    Common ports: (please verify with administrator or provider)

    • SMTP: 25, 465 (SSL), 587 (STARTTLS)
    • IMAP: 143 or 993 (SSL)
    Message Server protocol

    *Shown when 'New Message Server' is checked

    Select the appropriate protocol
    Enable credential?

    *Shown when 'New Message Server' is checked

    Select whether credentials are enabled on the message server
    Create credential?

    Uncheck the checkbox to choose from existing Message Server credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Enable credential' is checked and 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials for the Message Server

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    Username's password

    Enable STARTTLS?

    *Shown when 'New Message Server' is checked and 'Message Type' is Email

    Select whether or not to enable STARTTLS

    Network timeout Defaulted to 6000
    Email Group configuration
    New Email Group?

    Check the checkbox to create a new email group

    Email Group configuration label

    *Please keep as auto-generated label

    To addresses

    *Please keep auto-generated value

    Enter all additional email addresses to send the notifications to

    Can be templated: SovLabs Template Engine

    CC addresses

    Enter all the email addresses to CC the notifications to

    Can be templated: SovLabs Template Engine

    BCC addresses

    Enter all the email addresses to BCC the notifications to

    Can be templated: SovLabs Template Engine

    Only add 1 Notification Configuration for Rubrik

    No further action is necessary to set up SovLabs Notifications for Rubrik Backup as a Service module. The Notification Configuration for Rubrik may be updated any time

  5. Do not add a Notification Group. A notification group for Rubrik Notification Configuration gets auto-generated. The Rubrik Notification Group is not visible in vRA and gets deleted when the Notification Configuration for Rubrik is deleted

Usage

Apply to vRA blueprint(s)

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for Rubrik Backup as a Service:

      Starts with SovLabs-Rubrik-

      Do not attach more than 1 Rubrik Backup as a Service property group to a vRA blueprint

  4. Repeat Step 3 for all desired blueprints
  5. Provision

End-user Usage

Provide a guide on how to perform Day 2 operations to end-users

Download User Guide

Enable End-user to Select a SLA Domain at Request Time

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for Rubrik Backup as a Service: SovLabs-RubrikSelectSLADomain

    4. In the Property Groups section, add the vRA property group for Rubrik Backup Profile that had the templated SLA Domain {{ SovLabs_RubrikSelectSLADomain }} defined:

      Starts with SovLabs-Rubrik-

  4. Repeat Step 3 for all desired blueprints
  5. Provision

Enable End-user to Recover Files and Folders

Allow the end-user to see the Recover Files and Folders (Rubrik) action on a VM:
  1. Add the action to the entitlement
    • Search text to type in the Name field is: Rubrik
    • Action to add is: Recover Files and Folders (Rubrik)

Enable End-user to Change SLA Domain

Allow the end-user to see the Change SLA Domain (Rubrik) action on a VM:
  1. Add the action to the entitlement
    • Search text to type in the Name field is: Rubrik
    • Action to add is: Change SLA Domain (Rubrik)

Enable End-user to Instant Backup

Allow the end-user to see the Instant Backup (Rubrik) action on a VM:
  1. Add the action to the entitlement
    • Search text to type in the Name field is: Rubrik
    • Action to add is: Instant Backup (Rubrik)

Disable

Remove from vRA blueprint(s)

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Click the desired blueprint name to edit
  4. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for Rubrik Backup up as a Service:

      Starts with SovLabs-Rubrik-

  5. Repeat Step 3 for all desired blueprints

End-userSelect a Protection Type and SLA Domain at Request Time

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Click the desired blueprint name to edit
  4. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for Rubrik Backup up as a Service:

      SovLabs-RubrikSelectSLADomain
    4. In the Property Groups section, remove the vRA property group for Rubrik Backup Profile:

      Starts with SovLabs-Rubrik-

  5. Repeat Step 3 for all desired blueprints

End-userFile and Folder Recovery

Prevent the end-user from seeing the Recover Files and Folders (Rubrik) action on a VM:
  1. Remove the action from the entitlement
    • Action to remove is: Recover Files and Folders (Rubrik)

End-userChange SLA Domain

Prevent the end-user from seeing the Change SLA Domain (Rubrik) action on a VM:
  1. Remove the action from the entitlement
    • Action to remove is: Change SLA Domain (Rubrik)

End-userInstant Backup

Prevent the end-user from seeing the Instant Backup (Rubrik) action on a VM:
  1. Remove the action from the entitlement
    • Action to remove is: Instant Backup (Rubrik)

Backup as a Service Management

View features and compatibility

Quick Start Process

  1. Define Veeam Backup Enterprise Manager Endpoint(s)
  2. Configure Veeam Backup Profile
  3. Configure VeeamZIP Profile
  4. Define Notification Configuration for Veeam
  5. Apply Backup Profile to existing blueprint(s)
  6. Provision and recover VMs!

Prerequisites

  1. Veeam Backup Enterprise Manager is properly configured
  2. Service account with Administrative privileges on the Veeam Backup Enterprise Manager(s)
  3. Email notification:
    1. User account with permissions to the email servers desired
    2. If utilizing an email server, gather the following details:
      • IP Address/hostname of the email server
      • Is the service SMTP or IMAP?
      • Credential details (username/password)
      • Whether SSL/TLS or STARTTLS is required to send emails through your email server
      • Port # of SMTP or IMAP service on that host

        Common ports: (please verify with administrator or provider)

        • SMTP: 25, 465 (SSL), 587 (STARTTLS)
        • IMAP: 143 or 993 (SSL)
  4. Existing Backup Job(s) on the Veeam BEM Endpoint(s)
  5. Login to the vRA tenant and validate the following vRA Catalog Items exist:
    1. Add Veeam BEM Endpoint
    2. Add Veeam Backup Profile
    3. Add VeeamZIP Profile
    4. Add Notification Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for Add Veeam BEM Endpoint
    Add Veeam BEM Endpoint
    Veeam BEM Endpoint
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Select the Veeam BEM version
    Hostname Veeam BEM hostname (FQDN)
    HTTPS? Choose whether or not the Veeam BEM Endpoint is HTTPS
    Port Veeam BEM port number
    Credential Configuration for Veeam BEM Endpoint
    Create credential?

    Uncheck the checkbox to choose from existing Veeam BEM Endpoint credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label.

    Username

    *Shown when 'Create credential' is checked

    Username (no domain)

    Password

    *Shown when 'Create credential' is checked

    User's password

  3. On the Catalog page, click on the Request button for Add Veeam Backup Profile
    Veeam Backup Profile
    Veeam Backup Profile
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Veeam BEM Endpoint Select the desired Veeam Backup Enterprise Manager Endpoint
    Get Backup Jobs from list?

    Check the checkbox to get an auto-generated list based on Veeam BEM Endpoint selected.

    Uncheck the checkbox to manually define Backup Jobs.

    Backup Jobs

    If Get Backup Jobs from list? is checked:
    *Auto-generated list based on Veeam BEM Endpoint selected

    Select a Backup Job from the left column and click on the right arrow to move it to the right column.

    Repeat for all desired Backup Jobs

    If Get Backup Jobs from list? is unchecked:
    Manually type in additional Backup Jobs. Can be templated: SovLabs Template Engine

    *Please keep the default value provided to allow End-user to select a Veeam Backup Job at Request Time

  4. On the Catalog page, click on the Request button for Add VeeamZIP Profile
    Veeam Backup Profile
    VeeamZIP Profile
    FieldValue
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Veeam BEM Endpoint Select the desired Veeam Backup Enterprise Manager Endpoint
    Repository

    *Auto-generated list based on Veeam BEM Endpoint selected

    Select a Repository

    Disable guest quiescence? By selecting to disable guest quiescence, it will perform crash consistent backup
    Delete this backup automatically Select when to delete the backup
    Encryption and Compression
    Enable backup file encryption Select whether or not to enable backup file encryption
    Compression level Select the compression level
  5. On the Catalog page, click on the Request button for Add Notification Configuration
    Add Notification Configuration
    Notification Configuration

    A notification configuration holds all the necessary information to send notifications

    FieldValue
    Type Select Backup as a Service - Veeam
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    *Please keep as auto-generated label

    State

    *Please keep both SUCCESS and ERROR checked

    Message type

    *Please keep as Email

    Format Select the desired format
    From address Type the email address that will be sending the notification

    Can be templated: SovLabs Template Engine

    Title

    *Auto-generated Notification title

    Can be templated: SovLabs Template Engine

    Body Body message - defaulted to standard templates. Please update accordingly

    Can be templated: SovLabs Template Engine

    Message Server configuration
    New Message Server?

    Check the checkbox to create a new message server

    Uncheck to choose an existing message server

    Message Server

    *Shown when 'New Message Server' is unchecked

    Select the desired message server from a list of existing message servers
    Message server configuration label

    *Shown when 'New Message Server' is checked

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Message Server Address

    *Shown when 'New Message Server' is checked

    Message Server address (SMTP or IMAP host)

    Enable SSL?

    *Shown when 'New Message Server' checked

    Choose whether or not SSL is enabled on the message server
    Message Server port

    *Shown when 'New Message Server' is checked

    Message Server port

    Common ports: (please verify with administrator or provider)

    • SMTP: 25, 465 (SSL), 587 (STARTTLS)
    • IMAP: 143 or 993 (SSL)
    Message Server protocol

    *Shown when 'New Message Server' is checked

    Select the appropriate protocol
    Enable credential?

    *Shown when 'New Message Server' is checked

    Select whether credentials are enabled on the message server
    Create credential?

    Uncheck the checkbox to choose from existing Message Server credentials

    Check the checkbox to create a new credential

    Credential

    *Shown when 'Enable credential' is checked and 'Create credential' is unchecked

    Select the appropriate credential from an existing list of credentials for the Message Server

    Credential configuration label

    *Shown when 'Create credential' is checked

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _

    Unique label

    Username

    *Shown when 'Create credential' is checked

    Username

    Password

    *Shown when 'Create credential' is checked

    Username's password

    Enable STARTTLS?

    *Shown when 'New Message Server' is checked and 'Message Type' is Email

    Select whether or not to enable STARTTLS

    Network timeout Defaulted to 6000
    Email Group configuration
    New Email Group?

    Check the checkbox to create a new email group

    Email Group configuration label

    *Please keep as auto-generated label

    To addresses

    *Please keep auto-generated value

    Enter all additional email addresses to send the notifications to

    Can be templated: SovLabs Template Engine

    CC addresses

    Enter all the email addresses to CC the notifications to

    Can be templated: SovLabs Template Engine

    BCC addresses

    Enter all the email addresses to BCC the notifications to

    Can be templated: SovLabs Template Engine

    Only add 1 Notification Configuration for Veeam

    No further action is necessary to set up SovLabs Notifications for Veeam Backup as a Service module. The Notification Configuration for Veeam may be updated any time

  6. Do not add a Notification Group. A notification group for Veeam Notification Configuration gets auto-generated. The Veeam Notification Group is not visible in vRA and gets deleted when the Notification Configuration for Veeam is deleted

Usage

Apply to vRA blueprint(s)

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for Veeam Backup as a Service:

      Starts with SovLabs-VeeamBackupProfile-

      Do not attach more than 1 Veeam Backup as a Service property group to a vRA blueprint

  4. Repeat Step 3 for all desired blueprints
  5. Provision

End-user Usage

Provide a guide on how to perform Day 2 operations to end-users

Download User Guide

Enable End-user to Select a Backup Job at Request Time

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, add the vRA property group for Veeam Backup as a Service:

      SovLabs-VeeamSelectBackupJob
    4. In the Property Groups section, add the vRA property group for Veeam Backup Profile that had the templated Backup Job {{ SovLabs_VeeamSelectBackupJob }} defined:

      Starts with SovLabs-VeeamBackupProfile-

  4. Repeat Step 3 for all desired blueprints
  5. Provision

When destroying VMs, if the VM is the last one in the Veeam Backup Job, it will not be removed from the Veeam Backup Job (since a Veeam Backup Job must have at least 1 VM). The VM will be removed from vCenter as expected

Enable End-user to Recover Files and Folders

Allow the end-user to see the Recover Files and Folders (Veeam) action on a VM:
  1. Add the action to the entitlement
    • Search text to type in the Name field is: Veeam
    • Action to add is: Recover Files and Folders (Veeam)

Enable End-user to Recover VM

Allow the end-user to see the Recover VM (Veeam) action on a VM:
  1. Add the action to the entitlement
    • Search text to type in the Name field is: Veeam
    • Action to add is: Recover VM (Veeam)

Enable End-user to Change Backup Jobs on a VM

Allow the end-user to see the Change Backup Jobs (Veeam) action on a VM:
  1. Add the action to the entitlement
    • Search text to type in the Name field is: Veeam
    • Action to add is: Change Backup Jobs (Veeam)

Enable End-user to perform Instant Backup on a VM

Allow the end-user to see the Instant Backup (VeeamZIP) action on a VM:
  1. Add the action to the entitlement
    • Search text to type in the Name field is: Veeam
    • Action to add is: Instant Backup (VeeamZIP)

Disable

Remove from vRA blueprint(s)

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Click the desired blueprint name to edit
  4. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section, remove the vRA property group for Veeam Backup up as a Service:

      Starts with SovLabs-VeeamBackupProfile-

  5. Repeat Step 3 for all desired blueprints

End-userSelect a Backup Job at Request Time

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Click the desired blueprint name to edit
  4. Hover over the desired blueprint name and click Edit
    1. Click on the vSphere machine component on the Blueprint Design Canvas
    2. Click on the Properties tab
  5. In the Property Groups section, remove the vRA property group for Veeam Backup up as a Service:

    SovLabs-VeeamSelectBackupJob
  6. In the Property Groups section, remove the vRA property group for Veeam Backup Profile:

    Starts with SovLabs-VeeamBackupProfile-

  • Repeat Step 3 for all desired blueprints
  • End-userFile and Folder Recovery

    Prevent the end-user from seeing the Recover Files and Folders (Veeam) action on a VM:
    1. Remove the action from the entitlement
      • Action to remove is: Recover Files and Folders (Veeam)

    End-userRecover VM

    Prevent the end-user from seeing the Recover VM (Veeam) action on a VM:
    1. Remove the action from the entitlement
      • Action to remove is: Recover VM (Veeam)

    End-userChange Backup Jobs

    Prevent the end-user from seeing the Change Backup Job (Veeam) action on a VM:
    1. Remove the action from the entitlement
      • Action to remove is: Change Backup Jobs (Veeam)

    End-userInstant Backup

    Prevent the end-user from seeing the Instant Backup (VeeamZIP) action on a VM:
    1. Remove the action from the entitlement
      • Action to remove is: Instant Backup (VeeamZIP)

    Configuration Management

    View features and compatibility

    Quick Start Process

    1. Define Ansible Tower Endpoint(s)
    2. Define Ansible Tower Profile(s)
    3. Define Ansible Tower Inventory Profile(s)
    4. Apply to existing blueprint(s)
    5. Provision!

    Prerequisites

    1. Ansible Tower is properly configured
    2. An account with permissions to desired Ansible Tower(s)
    3. Download the SovLabs vRA Inventory for Ansible Tower :

      Must have an account and login to download

      • Dynamic Inventory script vra.py is installed
      • Dynamic Inventory configuration vra.yaml is installed
    4. Configure Inventory on the Ansible Tower server:
      1. Download the generate_ansInv.sh script

        Must have an account and login to download

      2. Run the script as root on the Ansible Tower server
    5. Set up Organizations, Teams, Projects, Job Templates, Machine Credentials, and Inventories in Ansible Tower
    6. Set up any Playbooks to be exercised from Ansible Tower
    7. Login to the vRA tenant and validate the following vRA Catalog Items exist:
      1. Add Ansible Tower Endpoint
      2. Add Ansible Tower Profile
      3. Add Ansible Tower Inventory Profile
      4. Manage Credentials

    Setup

    1. Login to the vRA tenant
    2. On the Catalog page, click on the Request button for Add Ansible Tower Endpoint
      Add Ansible Tower Endpoint
      Add an Ansible Tower Endpoint
      FieldValue
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Hostname Ansible Tower hostname
      Credential Configuration for Ansible Tower Endpoint
      Create credential?

      Check the checkbox to create a new credential configuration

      Leave unchecked to choose from existing credentials

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique credential label

      Username

      *Shown when 'Create credential' is unchecked

      Account username that has access/rights to Ansible Tower

      Password

      Shown when 'Create credential' is unchecked

      User's password

      Organization
      Organization

      Select the appropriate Ansible Tower organization from an existing list of organizations

      The drop-down menu values will auto-generated once a credential has been selected or a valid username/password is entered

    3. On the Catalog page, click on the Request button for Add Ansible Tower Profile
      Add Ansible Tower Profile
      Add Ansible Tower Profile
      FieldValue
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Ansible Tower Endpoint Select an Ansible Tower Endpoint that was previously added
      Filter Projects by Team

      *Auto-generated list of Teams based on the Ansible Tower Endpoint selected

      Select the desired Team, if any
      Filter Job Templates by Project

      *Auto-generated list of Projects based on the Ansible Tower Endpoint selected

      Select the desired Project, if any
      Get Job Templates from list?

      Uncheck to manually enter a Job Template name

      Check the checkbox to select from an existing list

      Job Templates

      If unchecked for 'Get Job Templates from list?', manually enter a Job Template name.

      If checked for 'Get Job Templates from list?', select an existing Job Template

      Get Deprovision Job Templates from list?

      Uncheck to manually enter a deprovision Job Template name

      Check to select from an existing list of deprovision Job Templates

      Deprovision Job Templates

      If unchecked for 'Get Deprovision Job Templates from list?', manually enter a deprovision Job Template name

      If checked 'Get Deprovision Job Templates from list?', select an existing deprovision Job Template

      Advanced
      Machine credential

      *Auto-generated list of machine credentials based on the Ansible Tower Endpoint selected

      Select the desired machine credential, if any
      Inventory

      *Auto-generated list of Inventory based on the Ansible Tower Endpoint selected

      Select the desired Inventory, if any
      Extra vars

      Define a string that represents a JSON or YAML formatted dictionary (with escaped parentheses) which includes variables given by the user, including answers to survey questions

      Rerun Lockout Minutes

      Define how long after provisioning before a Job Template can be re-executed on a VM. This is important for nested blueprints to prevent Job Templates from being launched more than once for a given VM.

    4. On the Catalog page, click on the Request button for Add Ansible Tower Inventory Profile
      Add Ansible Tower Inventory Profile
      Ansible Tower Inventory Profile
      Currently, the removal feature, which marks vRA VMs to be removed from Dynamic Inventory cache, may be inconsistent if more than one Ansible Tower Inventory Profile is used per tenant.
      FieldValue
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Ansible Tower Endpoint Select an Ansible Tower Endpoint
      vRA IaaS URL

      *Auto-generated vRA IaaS URL, must match a configured IaaS URL in vRO

      Verify vRA IaaS URL
      Filters
      vRA Business Group(s)

      *Auto-generated list of vRA Business Groups, if any

      Select the desired vRA Business Group(s). Leave blank to select all
      Property Filters Specify the properties (key, value) to filter on. May have zero or more property filters
      Dynamic Groups
      Group separator Define how VMs will be grouped via one or more string characters. Used in the groups definitions below to separate groups name
      Groups Groups are defined as templates that will be resolved with vmProperties. If one property does not resolve, that group will be omitted. List groups, separated by the character defined in Group separator above
      Paging
      Result page size Specify the maximum number of VMs to return at one time, will make multiple calls to get the entire inventory. Leave blank to get all VMs in a page result.

    Inventory Configuration

    1. Remote login to the Ansible Tower instance
    2. Create a directory for the Ansible Tower Inventory Profile config file vra.yaml
    3. Download vra.py and vra.yaml from Github into this new directory
    4. Edit vra.yaml
      Please note that the vra.py and vra.yaml have changed since the previous SovLabs plugin releases and will need to replaced via instructions in the Release Notes
      • Verify all configuration values are correct and appertain to the Ansible Tower setup
      • Verify atow_inv_profile_name is the value of the “Configuration label” from the Ansible Tower Inventory Profile
      • Save & close
    5. Login to Ansible Tower web application
    6. Assuming the Prerequisites section in the beginning of the Ansible Tower section has been completed, add the Dynamic Inventory script vra.py to a new Inventory Script
      1. Click the Settings button in the top menu and select INVENTORY SCRIPTS
      2. Click on +Add or an existing Inventory Script hyperlink
      3. Copy & paste the contents of vra.py into the * CUSTOM SCRIPT field, and provide a value for NAME
    7. Now the Inventory Script will be associated with an Inventory
      1. Click on INVENTORIES in the main menu
      2. Click on +Add or an existing Inventory
      3. Fill in the Name and Description fields and click Save
      4. On the next screen, click on +ADD GROUP
      5. Provide a NAME and click on SOURCE, selecting Custom Script from the drop down. This will cause the *CUSTOM INVENTORY SCRIPT field to appear
      6. Click the spyglass in *CUSTOM INVENTORY SCRIPT and select the name of the INVENTORY SCRIPT item created in Step 6.2
      7. In the ENVIRONMENT VARIABLES text area, enter the following text, substituting the directory path created in Step 2
        VRA_YAML: /{directory path}/vra.yaml
      8. Select the 3 update options of Overwrite, Overwrite Variables, and Update on Launch
      9. Click Save

    Usage

    1. Login to the vRA tenant
    2. Click on the Design tab > Blueprints
    3. Hover over the desired blueprint name and click Edit
      1. Click on the vSphere machine component on the Blueprint Design Canvas
      2. Click on the Properties tab
      3. In the Property Groups section, add the vRA property group for Ansible Tower:

        Starts with SovLabs-AnsibleTowerProfile-

        Do not attach more than 1 Ansible Tower property group to a vRA blueprint

    4. Repeat Step 3 for all desired blueprints
    5. Provision

    Disable Ansible Tower Inventory

    1. Login to the Ansible Tower web application
    2. Follow Steps 7 and for 7.3, click on SOURCE > Choose a source
    3. Click Save

    Disable

    1. Login to the vRA tenant
    2. Click on the Design tab > Blueprints
    3. Hover over the desired blueprint name and click Edit
      1. Click on the vSphere machine component on the Blueprint Design Canvas
      2. Click on the Properties tab
      3. In the Property Groups section, remove the vRA property group for Ansible Tower:

        Starts with SovLabs-AnsibleTowerProfile-

    4. Repeat Step 3 for all desired blueprints

    Configuration Management

    View features and compatibility

    Quick Start Process

    1. Define Puppet Master(s)
    2. Define Puppet Agent(s)
    3. Apply to existing blueprint(s)
    4. Provision!

    Prerequisites

    1. Create Puppet Certificate and Update Puppet Console configuration

      Create the certificate on the Puppet CA that will be used for communication with the Puppet Console API and the Puppet CA API. This is the certificate that will be configured in your Puppet Master module for certificate credential from the CMP to the Puppet console. In order for the Puppet console API to accept the certificate, the configurations below need to be made.


      Perform the following for each Puppet CA utilized

      *In the following instructions, replace CERTNAME with the name to identify the automation account with, we recommend vrosvc

      1. Login to the Puppet CA
      2. Type in su -
      3. Create a certificate key and replace CERTNAME accordingly:
        puppet cert generate CERTNAME
      4. Modify the certificate_authority.pp:
        1. Type in
          vi /opt/puppetlabs/puppet/modules/puppet_enterprise/manifests/profile/certificate_authority.pp
        2. Find the following in the file and replace CERTNAME accordingly. If the following section does not already exist, copy and paste into the header of the file:
          class puppet_enterprise::profile::certificate_authority (
                                   Array[String] $client_whitelist = [ CERTNAME ]
                                  )
        3. Save the file: Hit the esc key and then type in :wq!
      5. Modify auth.conf:
        1. Type the following:
          vi /etc/puppetlabs/puppetserver/conf.d/auth.conf
        2. Find and replace CERTNAME in the file accordingly. If the following section does not already exist, copy and paste into the header of the file:
                                    {
                                     "allow" : [
                                      "pe-internal-dashboard",
                                      CERTNAME
                                     ],
                                     "match-request" : {
                                      "method" : [
                                       "get",
                                       "put",
                                       "delete"
                                      ],
                                      "path" : "/puppet-ca/v1/certificate_status",
                                      "query-params" : {},
                                      "type" : "path"
                                     },
                                     "name" : "puppetlabs certificate status",
                                     "sort-order" : 500
                                    }
                                  
        3. Save the file: Hit the esc key and then type in :wq!
      6. Modify the rbac-certificate-whitelist:
        1. Type the following:
          vi /etc/puppetlabs/console-services/rbac-certificate-whitelist
        2. Add the CERTNAME to the end of the file, where CERTNAME is the name identified in Step 3 (e.g.vrosvc) to the end of the file
        3. Save the file: Hit the esc key and then type in :wq!
      7. Restart necessary services
        sudo service pe-console-services restart
    2. Setup or have a user for the Puppet Master, Puppet CA and Puppet database with either of the following:
      • root with SSH keys
      • root with password
      • Service account with sudo permissions
    3. Collect the appropriate keys from the Puppet Master:
      TypeLocation
      CA Certificate
      /etc/puppetlabs/puppet/ssl/ca/ca_crt
      Service Account Certificate
      /etc/puppetlabs/puppet/ssl/certs/CERTNAME
      Service Account Private Key
      /etc/puppetlabs/puppet/ssl/private_keys/CERTNAME

      *Replace CERTNAME accordingly (e.g.vrosvc)

    4. If any Puppet Agents are Windows OS:
    5. Login to the vRA tenant and validate the following vRA Catalog Items exist:
      1. Add Puppet Master Configuration
      2. Add Puppet Agent Configuration
      3. Add SovLabs vCenter Endpoint

    Setup

    1. Login to the vRA tenant
    2. Perform this step only if using VMware Tools to connect a Puppet server (e.g Puppet Master, Console, Compile Master(s), Database, Hiera)
      • On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
        Add vCenter Endpoint
        SovLabs vCenter Endpoint
        FieldValue
        Configuration label

        *Only AlphaNumeric characters, no spaces or special characters except: - and _

        Unique label

        Version Choose the appropriate vCenter version
        Platform Service Controller (FQDN)

        *Shown when 'Version' is 6+

        Type in the PSC FQDN
        Is the PSC embedded on the vCenter server?

        *Shown when 'Version' is 6+

        vCenter hostname (FQDN)

        *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x

        Type in the vCenter server FQDN
        Credential Configuration for vCenter Endpoint
        Create credential?

        Uncheck the checkbox to choose from existing vCenter Endpoint credentials

        Check the checkbox to create a new credential

        Credential

        *Shown when 'Create credential' is unchecked

        Select the appropriate credential from an existing list of credentials

        Credential configuration label

        *Shown when 'Create credential' is checked

        *Only AlphaNumeric characters, no special characters nor spaces except: - and _

        Unique label.

        Username

        *Shown when 'Create credential' is checked

        Username (user@example.com)

        Password

        *Shown when 'Create credential' is checked

        User's password

    3. Determine if the Puppet Master server (and if defined separately, the Console/Database/Compile Masters/Hiera servers) will be using the same credentials to log in. If so, perform this step:

      On the Catalog page, click on the Request button for Manage Credential Configuration

      • Action: Create
      • Type: Puppet
      • Subtype: Only the Hiera server (if defined separately) can be Windows
      • Connection method: Select the desired connection method
      Manage Credentials
    4. On the Catalog page, click on the Request button for Add Puppet Master Configuration
      Add Puppet Master Configuration
      Puppet Master Configuration

      A Puppet Master Configuration is a target Puppet Master

      General
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Puppet Master version Select the Puppet Master version
      Puppet Master Connection Configuration
      Puppet Master OS family Currently, only allows for unix
      Puppet pe-puppetserver port Port pe-puppetserver listens on, defaults to 8140
      Puppet Master connection method Select the connection method to connect to the Puppet Master server
      Puppet Master hostname Hostname of Puppet Master server (FQDN)
      Puppet Master vCenter Endpoint

      *Shown when 'Puppet Master connection method' is vmware-tools

      Select an existing SovLabs vCenter Endpoint where the Puppet Master VM resides in (Step 2)

      Puppet Master VM name as it appears in vCenter

      *Shown when 'Puppet Master connection method' is vmware-tools

      Type in the VM name of the Puppet Master server as it appears in vCenter

      Directory for temporary Puppet Master scripts Directory to put temporary scripts on the Puppet Master
      Create credential?

      Uncheck the checkbox to choose from existing Puppet credentials

      Check the checkbox to create a new credential

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      SSH Key used?

      *Shown when 'Create credential' is checked and 'Connection method' is SSH

      Check whether or not an SSH key is used

      Username

      *Shown when 'Create credential' is checked

      Username for Puppet Master server

      Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

      User's password

      SSH Key

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key

      SSH Key Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key password, if any

      Console Configuration
      Console OS family Currently, only allows for unix
      Console port Port the Puppet Console listens on, defaults to 4433
      Console connection method Select the connection method to connect to the Puppet Console server
      Console hostname Puppet Console server in FQDN format
      Console vCenter Endpoint

      *Shown when 'Console connection method' is vmware-tools

      Select an existing SovLabs vCenter Endpoint where the Console VM resides in (Step 2)

      Console VM name as it appears in vCenter

      *Shown when 'Console connection method' is vmware-tools

      Type in the VM name of the Puppet Console server as it appears in vCenter

      Directory for temporary Console scripts Directory to put temporary scripts on the Console
      Console create credential?

      Uncheck the checkbox to choose from existing Puppet credentials

      Check the checkbox to create a new credential

      Console credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Console credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Console SSH Key used?

      *Shown when 'Create credential' is checked and 'Connection method' is SSH

      Check whether or not an SSH key is used

      Console Username

      *Shown when 'Create credential' is checked

      Username for Puppet Console server

      Console Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

      User's password

      Console SSH Key

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key

      Console SSH Key Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key password, if any

      Compile Masters
      Use separate Compile Masters? Check the checkbox to define Compile Masters
      Compile Masters OS family

      *Shown when 'Use separate Compile Masters' is checked

      Currently, only allows for unix
      Compile Masters connection method

      *Shown when 'Use separate Compile Masters' is checked

      Select the connection method to connect to the Compile Masters
      Compile Masters hostnames

      *Shown when 'Use separate Compile Masters' is checked and 'Compile Masters connection method' is SSH

      Enter the Compile Master(s) in FQDN format
      Compile Masters vCenter Endpoint

      *Shown when 'Use separate Compile Masters' is checked and 'Compile Masters connection method' is vmware-tools

      Select an existing SovLabs vCenter Endpoint where the Compile Master VMs reside in (Step 2)

      Compile Masters VM names as they appear in vCenter

      *Shown when 'Use separate Compile Masters' is checked and 'Compile Masters connection method' is vmware-tools

      Type in the VM names of the Puppet Compile Master servers as they appear in vCenter

      Directory for temporary Compile Masters scripts

      *Shown when 'Use separate Compile Masters' is checked

      Directory to put temporary scripts on the Compile Masters
      Compile Masters create credential?

      Uncheck the checkbox to choose from existing Puppet credentials

      Check the checkbox to create a new credential

      Compile Masters Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Compile Masters credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Compile Masters SSH Key used?

      *Shown when 'Create credential' is checked and 'Connection method' is SSH

      Check whether or not an SSH key is used

      Compile Masters Username

      *Shown when 'Create credential' is checked

      Username for Compile Masters

      Compile Masters Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

      User's password

      Compile Masters SSH Key

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key

      Compile Masters SSH Key Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key password, if any

      Database Configuration
      Use separate database? Check the checkbox to define database
      Database OS family

      *Shown when 'Use separate database' is checked

      Currently, only allows for unix
      Database connection method

      *Shown when 'Use separate database' is checked

      Select the connection method to connect to the Puppet Database server
      Database hostname

      *Shown when 'Use separate database' is checked and 'Database connection method' is SSH

      Database hostname in FQDN format
      Database vCenter Endpoint

      *Shown when 'Database connection method' is vmware-tools

      Select an existing SovLabs vCenter Endpoint where the Puppet Database VM resides in (Step 2)

      Database VM name as it appears in vCenter

      *Shown when 'Database connection method' is vmware-tools

      Type in the VM name of the Puppet Database server as it appears in vCenter

      Directory for temporary Database scripts

      *Shown when 'Use separate database' is checked

      Directory to put temporary scripts on the database
      Database create credential?

      Uncheck the checkbox to choose from existing Puppet credentials

      Check the checkbox to create a new credential

      Database credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Database credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Database SSH Key used?

      *Shown when 'Create credential' is checked and 'Connection method' is SSH

      Check whether or not an SSH key is used

      Database Username

      *Shown when 'Create credential' is checked

      Username for Puppet Database server

      Database Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

      User's password

      Database SSH Key

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key

      Database SSH Key Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key password, if any

      Group Configuration
      Parent Group Any existing group in the Puppet console that will be the parent for all newly created node groups to be created under

      Can be templated: SovLabs Template Engine

      Parent Group Environment The parent group environment

      Can be templated: SovLabs Template Engine

      Group name template Template for the group name

      Can be templated: SovLabs Template Engine

      Certificate PEM files
      API Certificate

      Puppet API Certificate PEM file

      *Normally found on the Puppet Master and is the Service Account Certificate (Prerequisites Step 3): /etc/puppetlabs/puppet/ssl/certs/CERTNAME

      API RSA Private Key

      Puppet API RSA Private Key PEM file

      *Normally found on the Puppet Master and is the Service Account Private Key (Prerequisites Step 3): /etc/puppetlabs/puppet/ssl/private_keys/CERTNAME

      API CA Certificate

      CA Certification

      *Normally found on the Puppet Master and is the CA Certificate (Prerequisites Step 3): /etc/puppetlabs/puppet/ssl/ca/ca_crt

      Certificate Authority
      Is auto-sign enabled in Puppet? Is autosign enabled in Puppet? If checked yes, skips signing the certificate
      Certificate Authority hostname Puppet Certificate Authority Hostname (FQDN)
      Certificate Authority port Port the Puppet Certificate Authority listens on, defaults to 8140
      Hiera Configuration
      Create hiera node data? Check the checkbox to create hiera node data
      Hiera on Puppet Master server? Uncheck the checkbox only if the hiera server is on a different server from the Puppet Master
      Hiera OS Family

      *Shown when 'Hiera on Puppet Master server?' is unchecked

      Select Hiera OS type
      Hiera connection method

      *Shown when 'Hiera on Puppet Master server?' is unchecked

      Select the connection method
      Hiera hostname

      *Shown when 'Hiera on Puppet Master server?' is unchecked and 'Hiera connection method' is SSH

      Hiera hostname (FQDN)
      Hiera vCenter Endpoint

      *Shown when 'Hiera connection method' is vmware-tools

      Select an existing SovLabs vCenter Endpoint where the Hiera VM resides in (Step 2)

      Hiera VM name as it appears in vCenter

      *Shown when 'Hiera connection method' is vmware-tools

      Type in the VM name of the Hiera server as it appears in vCenter

      Directory for temporary Hiera scripts

      *Shown when 'Hiera on Puppet Master server?' is unchecked

      Directory to put temporary scripts on the Hiera server
      Hiera create credential?

      Uncheck the checkbox to choose from existing Puppet credentials

      Check the checkbox to create a new credential

      Hiera credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Hiera credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Hiera SSH Key used?

      *Shown when 'Create credential' is checked and 'Connection method' is SSH

      Check whether or not an SSH key is used

      Hiera Username

      *Shown when 'Create credential' is checked

      Username for Hiera server

      Hiera Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

      User's password

      Hiera SSH Key

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key

      Hiera SSH Key Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key password, if any

      Hiera Node Data configuration

      *Shown when 'Create Hiera node data?' is checked

      Hiera node data format

      *Shown when 'Create Hiera node data?' is checked

      Hiera node data format
      Hiera node data filename

      *Shown when 'Create Hiera node data?' is checked

      Filename for hiera node data

      Can be templated: SovLabs Template Engine

      Hiera node data template

      *Shown when 'Create Hiera node data?' is checked

      Hiera data template

      Can be templated: SovLabs Template Engine

      Hiera eyaml Public Key

      *Shown when 'Hiera node data format' is eyaml

      Hiera eyaml public key

      *Entire section is only shown when 'Create hiera node data' is checked

      Hiera Pre-Create Script
      Hiera pre-create script Script to execute prior to creating the hiera node data

      Can be templated: SovLabs Template Engine

      Hiera pre-create script arguments Script arguments, if any
      Hiera pre-create script interpreter Script interpreter, e.g. /bin/bash
      Compile Masters Hiera pre-create script

      *Shown when 'Use separate Compile Masters' is checked

      Script to execute prior to creating the hiera node data on the Compile Masters

      Can be templated: SovLabs Template Engine

      Compile Masters Hiera pre-create script arguments

      *Shown when 'Use separate Compile Masters' is checked

      Script arguments, if any
      Compile Masters Hiera pre-create script interpreter

      *Shown when 'Use separate Compile Masters' is checked

      Script interpreter, e.g. /bin/bash
      Hiera Post-Create Script
      Hiera post-create script Script to execute after creating the hiera node data

      Can be templated: SovLabs Template Engine

      Hiera post-create script arguments Script arguments, if any
      Hiera post-create script interpreter Script interpreter, e.g. /bin/bash
      Compile Masters Hiera post-create script

      *Shown when 'Use separate Compile Masters' is checked

      Script to execute after creating the hiera node data on the Compile Masters

      Can be templated: SovLabs Template Engine

      Compile Masters Hiera post-create script arguments

      *Shown when 'Use separate Compile Masters' is checked

      Script arguments, if any
      Compile Masters Hiera post-create script interpreter

      *Shown when 'Use separate Compile Masters' is checked

      Script interpreter, e.g. /bin/bash
      Hiera Pre-Delete Script
      Hiera pre-delete script Script to execute prior to deleting the hiera node data

      Can be templated: SovLabs Template Engine

      Hiera pre-delete script arguments Script arguments, if any
      Hiera pre-delete script interpreter Script interpreter, e.g. /bin/bash
      Compile Masters Hiera pre-delete script

      *Shown when 'Use separate Compile Masters' is checked

      Script to execute prior to deleting the hiera node data on the Compile Masters

      Can be templated: SovLabs Template Engine

      Compile Masters Hiera pre-delete script arguments

      *Shown when 'Use separate Compile Masters' is checked

      Script arguments, if any
      Compile Masters Hiera pre-delete script interpreter

      *Shown when 'Use separate Compile Masters' is checked

      Script interpreter, e.g. /bin/bash
      Hiera Post-Delete Script
      Hiera post-delete script Script to execute after deleting the hiera node data

      Can be templated: SovLabs Template Engine

      Hiera post-delete script arguments Script arguments, if any
      Hiera post-delete script interpreter Script interpreter, e.g. /bin/bash
      Compile MastersHiera post-delete script

      *Shown when 'Use separate Compile Masters' is checked

      Script to execute after deleting the hiera node data on the Compile Masters

      Can be templated: SovLabs Template Engine

      Compile MastersHiera post-delete script arguments

      *Shown when 'Use separate Compile Masters' is checked

      Script arguments, if any
      Compile Masters Hiera post-delete script interpreter

      *Shown when 'Use separate Compile Masters' is checked

      Script interpreter, e.g. /bin/bash
      Purge node script Script purge the node

      Can be templated: SovLabs Template Engine

      Purge node script arguments Script arguments, if any
      Purge node script interpreter Script interpreter, e.g. /bin/bash
      Compile Masters

      *Shown when 'Use separate Compile Masters' is checked

      Compile Masters Purge node script Script purge the node

      Can be templated: SovLabs Template Engine

      Compile Masters Purge node script arguments Script arguments, if any
      Compile Masters Purge node script interpreter Script interpreter, e.g. /bin/bash
      Console
      Purge node console script Script purge the node

      Can be templated: SovLabs Template Engine

      Purge node console script arguments Script arguments, if any
      Purge node console script interpreter Script interpreter, e.g. /bin/bash
      Database

      *Shown when 'Use separate database' is checked

      Purge node database script Script purge the node

      Can be templated: SovLabs Template Engine

      Purge node database script arguments Script arguments, if any
      Purge node database script interpreter Script interpreter, e.g. /bin/bash
    5. On the Catalog page, click on the Request button for Add Puppet Agent Configuration
      Add Puppet Agent Configuration
      Puppet Agent Configuration

      A Puppet Agent configuration defines the Puppet Agent settings

      FieldValue
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Puppet version Select the Puppet Agent version
      Puppet environment Provisioned node environment

      Can be templated to be derived from vRA custom property on the blueprint: SovLabs Template Engine

      OS Family for provisioned nodes unix or windows
      Directory for temporary scripts Directory to put temporary scripts on the provisioned node
      Connection Info
      Connection type Select the desired connection type to the provisioned node
      vCenter Endpoint

      *Shown when 'Connection type' is vmware-tools

      Select the vCenter Endpoint

      Credential Configuration for Provisioned Node
      Create credential?

      Uncheck the checkbox to choose from existing Provisioned Node credentials

      Check the checkbox to create a new credential

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      SSH Key used?

      *Shown when 'Create credential' is checked and 'Connection type' is SSH based

      Check whether or not an SSH key is used

      Username

      *Shown when 'Create credential' is checked

      Username for the provisioned node

      Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

      User's password

      SSH Key

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key

      SSH Key Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key password, if any

      puppet.conf configuration
      puppet.conf file content Contents of puppet.conf file - if left blank, the puppet.conf will not be updated on the provisioned node

      Can be templated: SovLabs Template Engine

      puppet.conf filename

      Can be templated: SovLabs Template Engine

      Facter Files
      Facter facts template Template of the facter facts

      Warning: Facter facts file contents does not support encryption

      Can be templated: SovLabs Template Engine

      Facter facts format Format for the Facter facts file
      Facter facts filename

      Can be templated: SovLabs Template Engine

      Filename (with path) for Facter facts
      Classes
      Classes Add existing classes in Puppet Console for provisioned node to join

      Can be templated: SovLabs Template Engine

      • Single class example with no parameters:
        { "sudo":{} }
      • Single class example with 2 parameters:
        {
                                               "sudo": {"param1": "val1", "param2": "val2"}
                                              }
      • Multi-class example with no parameters:
        { 
                                               "sudo" : {},
                                               "apache": {} 
                                              }
      • Multi-class example with 2 parameters:
        { 
                                               { "sudo": {"param1": "val1", "param2": "val2"}}, 
                                               { "apache": {"param1": "val1", "param2": "val2"}} 
                                              }
      Custom group name When classes are defined, creates a custom group with this specified name

      Can be templated: SovLabs Template Engine

      Groups
      Groups Add existing groups in Puppet Console for provisioned node to join

      Can be templated: SovLabs Template Engine

      Installer File(s)
      Source Installer file Define source installer file (for Windows Puppet Agent)
      Destination Installer file Define destination installer file (for Windows Puppet Agent)
      Install Puppet on a Node Script
      Install script Script to install Puppet on a node - if left blank, expects Puppet to already be installed

      Can be templated: SovLabs Template Engine

      Install script arguments Script arguments, if any

      Can be templated: SovLabs Template Engine

      Install script interpreter

      Script interpreter, e.g. /bin/bash

      *For Windows, only powershell and bat are valid interpreters

      Max retry attempt to Run Puppet Maximum number of attempts to retry Run Puppet
      Ignore final Run Puppet errors? If true, any errors found on the final Puppet run will be ignored and install will be allowed to continue - useful in initial development of new Puppet content
      Run Puppet Script
      Run Puppet script Script to execute after creating the hiera node data

      Can be templated: SovLabs Template Engine

      Run Puppet script arguments Script arguments, if any

      Can be templated: SovLabs Template Engine

      Run Puppet script interpreter

      Script interpreter, e.g. /bin/bash

      *For Windows, only powershell and bat are valid interpreters

      Run Puppet Script Validation
      Run Puppet script success exit codes Success exit codes.

      *List multiple exit codes comma separated

      Run Puppet script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
      Run Puppet Script Validation prior to Certificate being Signed
      Pre-certificate success exit codes Success exit codes.

      *List multiple exit codes comma separated

      Pre-certificate success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
      Final Run Puppet Script Validation
      Final Puppet Run script success exit codes Success exit codes.

      *List multiple exit codes comma separated

      Final Puppet Run script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
      Post Script Script to execute after the final Puppet Run

      Can be templated: SovLabs Template Engine

      Post script arguments Script arguments, if any
      Post script interpreter

      Script interpreter, e.g. /bin/bash

      *For Windows, only powershell and bat are valid interpreters

      Post Script Validation
      Post script success exit codes Success exit codes.

      *List multiple exit codes comma separated

      Post script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
      Pre-Puppet Remove script Script to run prior to removing Puppet from node

      Can be templated: SovLabs Template Engine

      Pre-Puppet Remove script arguments Script arguments, if any
      Pre-Puppet Remove script interpreter

      Script interpreter, e.g. /bin/bash

      *For Windows, only powershell and bat are valid interpreters

    Usage

    1. Login to the vRA tenant
    2. Click on the Design tab > Blueprints
    3. Hover over the desired blueprint name and click Edit
      1. Click on the vSphere machine component on the Blueprint Design Canvas
      2. Click on the Properties tab
      3. In the Property Groups section, add the two vRA property groups for Puppet Enterprise:

        1. Starts with SovLabs-PuppetMaster-
        2. Starts with SovLabs-PuppetAgent-

        Do not attach more than 1 pair of Puppet Enterprise vRA property groups to a vRA blueprint

    4. Repeat Step 3 for all desired blueprints

    Disable

    1. Login to the vRA tenant
    2. Click on the Design tab > Blueprints
    3. Hover over the desired blueprint name and click Edit
      1. Click on the vSphere machine component on the Blueprint Design Canvas
      2. Click on the Properties tab
      3. In the Property Groups section, remove the two vRA property groups for Puppet Enterprise:
        1. Starts with SovLabs-PuppetMaster-
        2. Starts with SovLabs-PuppetAgent-
    4. Repeat Step 3 for all desired blueprints

    Configuration Management

    View features and compatibility

    Quick Start Process

    1. Define Foreman Master(s)
    2. Define Foreman Agent(s)
    3. Apply to existing blueprint(s)
    4. Provision!

    Prerequisites

    1. Create Puppet Certificate and Update Puppet Console configuration

      Create the certificate on the Puppet CA that will be used for communication with the Foreman API and the Puppet CA API.

      Perform the following for each Puppet CA utilized

      *In the following instructions, replace CERTNAME with the name to identify the automation account with, we recommend vrosvc

      1. Login to the Puppet CA
      2. Type in su -
      3. Create a certificate key: puppet cert generate CERTNAME
      4. Modify auth.conf:
        1. Type in
          vi /etc/puppet/auth.conf
        2. If the following section does not exist, copy and paste the following section into the auth.conf file, and replace CERTNAME with the certificate name you created in Step 1 (without the .pem extension). This is case-sensitive. If the section does exist, add your certificate to the allow list:
          path  /certificate_status
                                      method find, save, search
                                      auth yes
                                      allow CERTNAME
                                    
        3. Save the file: Hit the esc key and then type in :wq!
      5. Restart necessary services by typing in: service puppet restart
    2. Setup or have a user for the Puppet Master, Puppet CA and Puppet database:
      • root with SSH keys
      • root with password
      • Service account with sudo permissions
    3. Collect the appropriate keys from the Puppet Master:
      TypeLocation
      CA Certificate
      /var/lib/puppet/ssl/ca/ca_crt.pem
      Service Account Certificate
      /var/lib/puppet/ssl/certs/CERTNAME.pem
      Service Account Private Key
      /var/lib/puppet/ssl/private_keys/CERTNAME.pem

      *Replace CERTNAME accordingly (e.g.vrosvc)

    4. If any Puppet Agents are Windows OS:
    5. Login to the vRA tenant and validate the following vRA Catalog Items exist:
      1. Add Foreman Master Configuration
      2. Add Foreman Agent Configuration
      3. Add SovLabs vCenter Endpoint

    Setup

    1. Login to the vRA tenant
    2. Perform this step only if using VMware Tools to connect a Puppet server (e.g Puppet Master, Console, Hiera, etc)
      • On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
        Add vCenter Endpoint
        SovLabs vCenter Endpoint
        FieldValue
        Configuration label

        *Only AlphaNumeric characters, no spaces or special characters except: - and _

        Unique label

        Version Choose the appropriate vCenter version
        Platform Service Controller (FQDN)

        *Shown when 'Version' is 6+

        Type in the PSC FQDN
        Is the PSC embedded on the vCenter server?

        *Shown when 'Version' is 6+

        vCenter hostname (FQDN)

        *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x

        Type in the vCenter server FQDN
        Credential Configuration for vCenter Endpoint
        Create credential?

        Uncheck the checkbox to choose from existing vCenter Endpoint credentials

        Check the checkbox to create a new credential

        Credential

        *Shown when 'Create credential' is unchecked

        Select the appropriate credential from an existing list of credentials

        Credential configuration label

        *Shown when 'Create credential' is checked

        *Only AlphaNumeric characters, no special characters nor spaces except: - and _

        Unique label.

        Username

        *Shown when 'Create credential' is checked

        Username (user@example.com)

        Password

        *Shown when 'Create credential' is checked

        User's password

    3. Determine if the Puppet Master server (and if defined separately, the Console/Database/Compile Masters/Hiera servers) will be using the same credentials to log in. If so, perform this step:

      On the Catalog page, click on the Request button for Manage Credential Configuration

      • Action: Create
      • Type: Puppet
      • Subtype: Only the Hiera server (if defined separately) can be Windows
      • Connection method: Select the desired connection method
      Manage Credentials
    4. On the Catalog page, click on the Request button for Add Foreman Master Configuration
      Add Foreman Master Configuration
      Foreman Master Configuration

      A Foreman Master Configuration is a target Foreman Master

      General
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Puppet Open Source with Foreman version Select the Puppet Open Source with Foreman version
      Foreman Configuration
      Use Foreman classifier? Check the checkbox to define a separate Foreman server (if not on the Puppet Master)
      Foreman Hostname Foreman hostname in FQDN formaat
      Foreman Port Port for Foreman, defaults to 443
      Create credential?

      Uncheck the checkbox to choose from existing Puppet credentials

      Check the checkbox to create a new credential

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Username

      *Shown when 'Create credential' is checked

      Username for Foreman server

      Password

      *Shown when 'Create credential' is checked

      User's password

      Puppet Master connection configuration
      Puppet Master OS family Currently, only allows for unix
      Puppet pe-puppetserver port Port pe-puppetserver listens on, defaults to 8140
      Puppet Master connection method Select the connection method to connect to the Puppet Master server
      Puppet Master hostname Hostname of Puppet Master server (FQDN)
      Puppet Master vCenter Endpoint

      *Shown when 'Puppet Master connection method' is vmware-tools

      Select an existing SovLabs vCenter Endpoint where the Puppet Master VM resides in (Step 2)

      Puppet Master VM name as it appears in vCenter

      *Shown when 'Puppet Master connection method' is vmware-tools

      Type in the VM name of the Puppet Master server as it appears in vCenter

      Directory for temporary Puppet Master scripts Directory to put temporary scripts on the Puppet Master
      Create credential?

      Uncheck the checkbox to choose from existing Puppet credentials

      Check the checkbox to create a new credential

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      SSH Key used?

      *Shown when 'Create credential' is checked and 'Connection method' is SSH

      Check whether or not an SSH key is used

      Username

      *Shown when 'Create credential' is checked

      Username for Puppet Master server

      Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

      User's password

      SSH Key

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key

      SSH Key Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key password, if any

      Compile Masters
      Compile Master defined? Check the checkbox to define Compile Masters
      Compile Masters OS family

      *Shown when 'Compile Master defined' is checked

      Currently, only allows for unix
      Compile Masters connection method

      *Shown when 'Compile Master defined' is checked

      Select the connection method to connect to the Compile Masters
      Compile Masters hostnames

      *Shown when 'Compile Master defined' is checked and 'Compile Masters connection method' is SSH

      Enter the Compile Master(s) in FQDN format
      Compile Masters vCenter Endpoint

      *Shown when 'Compile Master defined' is checked and 'Compile Masters connection method' is vmware-tools

      Select an existing SovLabs vCenter Endpoint where the Compile Master VMs reside in (Step 2)

      Compile Masters VM names as they appear in vCenter

      *Shown when 'Compile Master defined' is checked and 'Compile Masters connection method' is vmware-tools

      Type in the VM names of the Puppet Compile Master servers as they appear in vCenter

      Directory for temporary Compile Masters scripts

      *Shown when 'Compile Master defined' is checked

      Directory to put temporary scripts on the Compile Masters
      Compile Masters create credential?

      Uncheck the checkbox to choose from existing Puppet credentials

      Check the checkbox to create a new credential

      Compile Masters Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Compile Masters credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Compile Masters SSH Key used?

      *Shown when 'Create credential' is checked and 'Connection method' is SSH

      Check whether or not an SSH key is used

      Compile Masters Username

      *Shown when 'Create credential' is checked

      Username for Compile Masters

      Compile Masters Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

      User's password

      Compile Masters SSH Key

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key

      Compile Masters SSH Key Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key password, if any

      Database Configuration
      Database defined? Check the checkbox to define database
      Database OS family

      *Shown when 'Database defined' is checked

      Currently, only allows for unix
      Database connection method

      *Shown when 'Database defined' is checked

      Select the connection method to connect to the Puppet Database server
      Database hostname

      *Shown when 'Database defined' is checked and 'Database connection method' is SSH

      Database hostname in FQDN format
      Database vCenter Endpoint

      *Shown when 'Database connection method' is vmware-tools

      Select an existing SovLabs vCenter Endpoint where the Puppet Database VM resides in (Step 2)

      Database VM name as it appears in vCenter

      *Shown when 'Database connection method' is vmware-tools

      Type in the VM name of the Puppet Database server as it appears in vCenter

      Directory for temporary Database scripts

      *Shown when 'Database defined' is checked

      Directory to put temporary scripts on the database
      Database create credential?

      Uncheck the checkbox to choose from existing Puppet credentials

      Check the checkbox to create a new credential

      Database credential

      *Shown when 'Database defined' is unchecked

      Select the appropriate credential from an existing list of credentials

      Database credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Database SSH Key used?

      *Shown when 'Create credential' is checked and 'Connection method' is SSH

      Check whether or not an SSH key is used

      Database Username

      *Shown when 'Create credential' is checked

      Username for Puppet Database server

      Database Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

      User's password

      Database SSH Key

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key

      Database SSH Key Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key password, if any

      Certificate PEM files
      API Certificate

      Puppet API Certificate PEM file

      *Normally found on the Puppet Master and is the Service Account Certificate (Prerequisites Step 3): /var/lib/puppet/ssl/certs/CERTNAME.pem

      API RSA Private Key

      Puppet API RSA Private Key PEM file

      *Normally found on the Puppet Master and is the Service Account Private Key (Prerequisites Step 3): /var/lib/puppet/ssl/private_keys/CERTNAME.pem

      API CA Certificate

      CA Certification

      *Normally found on the Puppet Master and is the CA Certificate (Prerequisites Step 3): /var/lib/puppet/ssl/ca/ca_crt.pem

      Certificate Authority
      Is auto-sign enabled in Puppet? Is autosign enabled in Puppet? Check the checkbox to skip signing the certificate
      Certificate Authority hostname Puppet Certificate Authority Hostname (FQDN)
      Certificate Authority port Port the Puppet Certificate Authority listens on, defaults to 8140
      Hiera Configuration
      Create Hiera node data? Check the checkbox to create hiera node data
      Hiera on Puppet Master server? Uncheck the checkbox if the hiera server is on a different server from the Puppet Master
      Hiera OS family

      *Shown when Hiera on Puppet Master server is unchecked

      Hiera OS type
      Hiera connection method

      *Shown when Hiera on Puppet Master server is unchecked

      Select the connection method
      Hiera hostname

      *Shown when 'Hiera on Puppet Master server?' is unchecked and 'Hiera connection method' is SSH

      Hiera hostname (FQDN)
      Hiera vCenter Endpoint

      *Shown when 'Hiera connection method' is vmware-tools

      Select an existing SovLabs vCenter Endpoint where the Hiera VM resides in (Step 2)

      Hiera VM name as it appears in vCenter

      *Shown when 'Hiera connection method' is vmware-tools

      Type in the VM name of the Hiera server as it appears in vCenter

      Directory for temporary Hiera scripts

      *Shown when 'Hiera on Puppet Master server?' is unchecked

      Directory to put temporary scripts on the Hiera server
      Hiera create credential?

      Uncheck the checkbox to choose from existing Puppet credentials

      Check the checkbox to create a new credential

      Hiera credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Hiera credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Hiera SSH Key used?

      *Shown when 'Create credential' is checked and 'Connection method' is SSH

      Check whether or not an SSH key is used

      Hiera Username

      *Shown when 'Create credential' is checked

      Username for Hiera server

      Hiera Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

      User's password

      Hiera SSH Key

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key

      Hiera SSH Key Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key password, if any

      Hiera Node Data configuration

      *Shown when 'Create Hiera node data?' is checked

      Hiera node data format

      *Shown when 'Create Hiera node data?' is checked

      Hiera node data format
      Hiera node data filename

      *Shown when 'Create Hiera node data?' is checked

      Filename for hiera node data

      Can be templated: SovLabs Template Engine

      Hiera node data template

      *Shown when 'Create Hiera node data?' is checked

      Hiera data template

      Can be templated: SovLabs Template Engine

      Hiera eyaml Public Key

      *Shown when 'Hiera node data format' is eyaml

      Hiera eyaml public key

      *Entire section is only shown when Create Hiera Node Data is 'Yes'

      Hiera Pre-Create Script
      Hiera pre-create script Script to execute prior to creating the hiera node data

      Can be templated: SovLabs Template Engine

      Hiera pre-create script arguments Script arguments, if any
      Hiera pre-create script interpreter Script interpreter, e.g. /bin/bash
      Compile Masters Hiera pre-create script

      *Shown when Use separate Compile Masters is 'Yes'

      Script to execute prior to creating the hiera node data on the Compile Masters

      Can be templated: SovLabs Template Engine

      Compile Masters Hiera pre-create script arguments

      *Shown when Use separate Compile Masters is 'Yes'

      Script arguments, if any
      Compile Masters Hiera pre-create script interpreter

      *Shown when Use separate Compile Masters is 'Yes'

      Script interpreter, e.g. /bin/bash
      Hiera Post-Create Script
      Hiera post-create script Script to execute after creating the hiera node data

      Can be templated: SovLabs Template Engine

      Hiera post-create script arguments Script arguments, if any
      Hiera post-create script interpreter Script interpreter, e.g. /bin/bash
      Compile Masters Hiera post-create script

      *Shown when Use separate Compile Masters is 'Yes'

      Script to execute after creating the hiera node data on the Compile Masters

      Can be templated: SovLabs Template Engine

      Compile Masters Hiera post-create script arguments

      *Shown when Use separate Compile Masters is 'Yes'

      Script arguments, if any
      Compile Masters Hiera post-create script interpreter

      *Shown when Use separate Compile Masters is 'Yes'

      Script interpreter, e.g. /bin/bash
      Hiera Pre-Delete Script
      Hiera pre-delete script Script to execute prior to deleting the hiera node data

      Can be templated: SovLabs Template Engine

      Hiera pre-delete script arguments Script arguments, if any
      Hiera pre-delete script interpreter Script interpreter, e.g. /bin/bash
      Compile Masters Hiera pre-delete script

      *Shown when Use separate Compile Masters is 'Yes'

      Script to execute prior to deleting the hiera node data on the Compile Masters

      Can be templated: SovLabs Template Engine

      Compile Masters Hiera pre-delete script arguments

      *Shown when Use separate Compile Masters is 'Yes'

      Script arguments, if any
      Compile Masters Hiera pre-delete script interpreter

      *Shown when Use separate Compile Masters is 'Yes'

      Script interpreter, e.g. /bin/bash
      Hiera Post-Delete Script
      Hiera post-delete script Script to execute after deleting the hiera node data

      Can be templated: SovLabs Template Engine

      Hiera post-delete script arguments Script arguments, if any
      Hiera post-delete script interpreter Script interpreter, e.g. /bin/bash
      Compile Masters Hiera post-delete script

      *Shown when Use separate Compile Masters is 'Yes'

      Script to execute after deleting the hiera node data on the Compile Masters

      Can be templated: SovLabs Template Engine

      Compile Masters Hiera post-delete script arguments

      *Shown when Use separate Compile Masters is 'Yes'

      Script arguments, if any
      Compile Masters Hiera post-delete script interpreter

      *Shown when Use separate Compile Masters is 'Yes'

      Script interpreter, e.g. /bin/bash
      Purge Node Script Script purge the node

      Can be templated: SovLabs Template Engine

      Purge node script arguments Script arguments, if any
      Purge node script interpreter Script interpreter, e.g. /bin/bash
    5. On the Catalog page, click on the Request button for Add Foreman Agent Configuration
      Add Foreman Agent Configuration
      Foreman Agent Configuration

      A Foreman Agent configuration defines the Puppet Open Source with Foreman Agent settings

      FieldValue
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Puppet Open Source with Foreman version Select the Puppet Agent version
      Puppet environment Provisioned node environment

      Can be templated to be derived from vRA custom property on the blueprint: SovLabs Template Engine

      OS Family for provisioned nodes unix or windows
      Directory for temporary scripts Directory to put temporary scripts on the provisioned node
      Connection Info
      Connection type Select the desired connection type to the provisioned node
      vCenter Endpoint

      *Shown when 'Connection type' is vmware-tools

      Select the vCenter Endpoint

      Credential Configuration for Provisioned Node
      Create credential?

      Uncheck the checkbox to choose from existing Provisioned Node credentials

      Check the checkbox to create a new credential

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      SSH Key used?

      *Shown when 'Create credential' is checked and 'Connection type' is SSH based

      Check whether or not an SSH key is used

      Username

      *Shown when 'Create credential' is checked

      Username for the provisioned node

      Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked

      User's password

      SSH Key

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key

      SSH Key Password

      *Shown when 'Create credential' is checked and 'SSH Key used?' is checked

      SSH Key password, if any

      puppet.conf configuration
      puppet.conf file content Contents of puppet.conf file - if left blank, the puppet.conf will not be updated on the provisioned node

      Can be templated: SovLabs Template Engine

      puppet.conf filename

      Can be templated: SovLabs Template Engine

      Facter Files
      Facter facts template Template of the facter facts

      Warning: Facter facts file contents does not support encryption

      Can be templated: SovLabs Template Engine

      Facter facts format Format for the Facter facts file
      Facter facts filename

      Can be templated: SovLabs Template Engine

      Filename (with path) for Facter facts
      Classes
      Classes Add existing classes for provisioned node to join

      Can be templated: SovLabs Template Engine

      • Single class example with no parameters:
        { "sudo":{} }
      • Single class example with 2 parameters:
        {
                                               "sudo": {"param1": "val1", "param2": "val2"}
                                              }
      • Multi-class example with no parameters:
        { 
                                               "sudo" : {},
                                               "apache": {} 
                                              }
      • Multi-class example with 2 parameters:
        { 
                                               { "sudo": {"param1": "val1", "param2": "val2"}}, 
                                               { "apache": {"param1": "val1", "param2": "val2"}} 
                                              }
      Group
      Host Group Add existing host groups for provisioned node to join

      Can be templated: SovLabs Template Engine

      Installer File(s)
      Source Installer file Define source installer file (for Windows Puppet Agent)
      Destination Installer file Define destination installer file (for Windows Puppet Agent)
      Install Puppet on a Node Script
      Install script Script to install Puppet on a node - if left blank, expects Puppet to already be installed

      Can be templated: SovLabs Template Engine

      Install script arguments Script arguments, if any

      Can be templated: SovLabs Template Engine

      Install script interpreter

      Script interpreter, e.g. /bin/bash

      *For Windows, only powershell and bat are valid interpreters

      Max retry attempt to Run Puppet Maximum number of attempts to retry Run Puppet
      Ignore final Run Puppet errors? If true, any errors found on the final Puppet run will be ignored and install will be allowed to continue - useful in initial development of new Puppet content
      Run Puppet Script
      Run Puppet script Script to execute after creating the hiera node data

      Can be templated: SovLabs Template Engine

      Run Puppet script arguments Script arguments, if any

      Can be templated: SovLabs Template Engine

      Run Puppet script interpreter

      Script interpreter, e.g. /bin/bash

      *For Windows, only powershell and bat are valid interpreters

      Run Puppet Script Validation
      Run Puppet script success exit codes Success exit codes.

      *List multiple exit codes comma separated

      Run Puppet script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
      Run Puppet Script Validation prior to Certificate being Signed
      Pre-certificate success exit codes Success exit codes.

      *List multiple exit codes comma separated

      Pre-certificate success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
      Final Run Puppet Script Validation
      Final Puppet Run script success exit codes Success exit codes.

      *List multiple exit codes comma separated

      Final Puppet Run script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
      Post Script Script to execute after the final Puppet Run

      Can be templated: SovLabs Template Engine

      Post script arguments Script arguments, if any
      Post script interpreter

      Script interpreter, e.g. /bin/bash

      *For Windows, only powershell and bat are valid interpreters

      Post Script Validation
      Post script success exit codes Success exit codes.

      *List multiple exit codes comma separated

      Post script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
      Pre-Puppet Remove script Script to run prior to removing Puppet from node

      Can be templated: SovLabs Template Engine

      Pre-Puppet Remove script arguments Script arguments, if any
      Pre-Puppet Remove script interpreter

      Script interpreter, e.g. /bin/bash

      *For Windows, only powershell and bat are valid interpreters

    Usage

    1. Login to the vRA tenant
    2. Click on the Design tab > Blueprints
    3. Hover over the desired blueprint name and click Edit
      1. Click on the vSphere machine component on the Blueprint Design Canvas
      2. Click on the Properties tab
      3. In the Property Groups section, add the two vRA property groups for Puppet Open Source with Foreman:

        1. Starts with SovLabs-ForemanMaster-
        2. Starts with SovLabs-ForemanAgent-

        Do not attach more than 1 pair of Puppet Open Source with Foreman vRA property groups to a vRA blueprint

    4. Repeat Step 3 for all desired blueprints

    Disable

    1. Login to the vRA tenant
    2. Click on the Design tab > Blueprints
    3. Hover over the desired blueprint name and click Edit
      1. Click on the vSphere machine component on the Blueprint Design Canvas
      2. Click on the Properties tab
      3. In the Property Groups section, remove the two vRA property groups for Puppet Open Source with Foreman:
        1. Starts with SovLabs-ForemanMaster-
        2. Starts with SovLabs-ForemanAgent-
    4. Repeat Step 3 for all desired blueprints

    Configuration Management

    View features and compatibility

    Quick Start Process

    1. Define Satellite Configuration(s)
    2. Apply to existing blueprint(s)
    3. Provision!

    Prerequisites

    1. Red Hat Satellite server is properly configured
    2. Red Hat Satellite server is configured to utilize activation key(s) for registering nodes
    3. Red Hat Satellite service user account must have rights to add/update/delete content hosts
    4. Login to the vRA tenant and validate the following vRA Catalog Items exist:
      1. Add Satellite Configuration

    Setup

    1. Login to the vRA tenant
    2. On the Catalog page, click on the Request button for Add Satellite Configuration
      Add Satellite Configuration
      Satellite Configuration
      FieldValue
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Satellite Hostname FQDN or IP address of Red Hat Satellite server
      Create credential?

      Uncheck the checkbox to choose from existing Satellite Endpoint credentials

      Check the checkbox to create a new credential

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Username

      *Shown when 'Create credential' is checked

      Username for Red Hat Satellite server

      Password

      *Shown when 'Create credential' is checked

      User's password

      Satellite Organization

      *Auto-generated list based on valid Satellite hostname and Satellite credential

      Select the desired organization to register VMs to

      Activation Key(s) names or template

      List any/all Red Hat Satellite activation keys by name

      *Can be templated: SovLabs Template Engine

      Satellite API 6 upgrade_all? Perform Satellite API 6 upgrade_all? Instructs Red Hat Satellite to update the installed RPM packages to the latest available revisions
      Provisioned Node Credential Configuration

      Credentials to the VMs that will be provisioned

      Create credential?

      Uncheck the checkbox to choose from existing Provisioned Node credentials

      Check the checkbox to create a new credential

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Username

      *Shown when 'Create credential' is checked

      Username for the provisioned VM

      Use SSH Key?

      *Shown when 'Create Credential' is checked

      Select whether or not the provisioned VM will utilize an SSH key

      Password

      *Shown when 'Create Credential' is checked and 'Use SSH Key' is unchecked

      User's password

      SSH Key

      *Shown when 'Create Credential' is checked and 'Use SSH Key' is checked

      SSH Key

      SSH Key Password

      *Shown when 'Create Credential' is checked and 'Use SSH Key' is checked

      SSH Key's password, if any

    Usage

    1. Login to the vRA tenant
    2. Click on the Design tab > Blueprints
    3. Hover over the desired blueprint name and click Edit
      1. Click on the vSphere machine component on the Blueprint Design Canvas
      2. Click on the Properties tab
      3. In the Property Groups section, add the vRA property group for Red Hat Satellite:

        Starts with SovLabs-Satellite-

        Do not attach more than 1 Red Hat Satellite property group to a vRA blueprint

    4. Repeat Step 3 for all desired blueprints

    Disable

    1. Login to the vRA tenant
    2. Click on the Design tab > Blueprints
    3. Hover over the desired blueprint name and click Edit
      1. Click on the vSphere machine component on the Blueprint Design Canvas
      2. Click on the Properties tab
      3. In the Property Groups section, remove the vRA property group for Red Hat Satellite:

        Starts with SovLabs-Satellite-

    4. Repeat Step 3 for all desired blueprints

    Network Load Balancing

    View features and compatibility

    Quick Start Process

    1. Define F5 BIG-IP Endpoint(s)
    2. Drag, drop and modify the F5 Virtual component and link it to dependent machine component in the blueprint canvas
    3. Provision!

    Prerequisites

    1. A user account configured in F5 BIG-IP® that has Administrator role/access:
      • Add/Remove F5 BIG-IP Virtual Servers
      • Add/Remove F5 BIG-IP Pools
      • Add/Remove F5 BIG-IP Nodes and Pool node members
      • Optional: Add F5 BIG-IP Virtual Server iRules, Add F5 BIG-IP Server/Client SSL Profiles, Add F5 BIG-IP Pool Health Monitors
    2. Login to the vRA tenant and validate the following vRA Catalog Items exist:
      1. Add F5 Endpoint
      2. F5 Virtual
      3. Manage Restipe Configurations

    Setup

    1. Login to the vRA tenant
    2. On the Catalog page, click on the Request button for Add F5 Endpoint
      Add F5 Endpoint
      F5 Endpoint

      A F5 BIG-IP Endpoint is the F5 instance where F5 BIG-IP VIPs can be created/removed via the F5 BIG-IP API

      FieldValue
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Hostname F5 BIG-IP hostname (FQDN or IP address)
      HTTPS? Choose whether or not the F5 BIG-IP is HTTPS
      Port F5 BIG-IP port number
      Credential Configuration for F5 Endpoint
      Create credential?

      Uncheck the checkbox to choose from existing F5 Endpoint credentials

      Check the checkbox to create a new credential

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Username

      *Shown when 'Create credential' is checked

      Username (no domain)

      Password

      *Shown when 'Create credential' is checked

      User's password

    3. On the Catalog page, click on the Request button for Manage Restipe Configuration
      Manage RESTipe™ Configuration
      Manage Restipe Configuration

      SovLabs RESTipe™, an “infrastructure as code” approach for defining the steps used to create, reuse, remove and scale F5 BIG-IP structures, such as VIPs, Pools, and Nodes/Members.

      The SovLabs F5 module comes packaged with a functional RESTipe with the most common steps and structures. The SovLabs RESTipe is a single JSON or YAML formatted script, based on the SovLabs Template Engine. For even more flexibility, use the SovLabs RESTipe™ Guide to create custom RESTipe. No need for custom vRO workflows to integrate custom vRA properties or interact with other REST-based endpoints.

      FieldValue
      Action Select whether to Create, Update or Delete
      Filter by type

      *Shown when Action is 'Update' or 'Delete'

      Select the type to filter SovLabs RESTipe by
      RESTipe Drop-down menu

      *Shown when Action is 'Update' or 'Delete'

      Select the RESTipe to update or delete from the drop-down menu
      Type Select the type of SovLabs RESTipe
      Configuration label

      *Shown when Action is 'Create'

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Upon licensing SovLabs F5 module, a default SovLabs RESTipe has been added: F5Config-internal

      RESTipe

      Textarea

      JSON or YAML format

      SovLabs RESTipe Guide

    Usage

    1. Login to the vRA tenant
    2. Click on the Design tab > Blueprints
    3. Create a new blueprint or select an existing blueprint name and click Edit
      1. Under Categories (on left pane), click on Other Components
      2. Drag and drop Create F5 VIP - SovLabs Modules onto the Design Canvas
      3. Tie the Create F5 VIP canvas item to the vSphere Machine canvas item by dragging the arrow FROM Create F5 VIP TO the vSphere Machine View screenshot
      4. Click on the Create_F5_VIP.. canvas item and a window pane will appear on the bottom
      5. Modify fields as desired by setting the default values for fields and other advanced settings and clicking on Apply for each field
        By setting default fields or having advanced settings on the fields, what a requester sees and can select is controlled upon request time of the vRA blueprint
      6. To add additional node level settings during request time:
        1. Click on the blueprint vSphere machine on the Design Canvas
        2. Click on the Properties tab and click the + Add button
        3. In the Property Groups section:
          1. Check the SovLabs-F5NodeConfigurations property group
        4. Click OK
      7. Once the blueprint is set up as desired, click on Finish
      8. If the blueprint saved above is a new blueprint:
        1. Select the blueprint from the list in Design > Blueprints
        2. Click on Publish
        3. Click on Administrators tab > Catalog Management > Catalog items
        4. Find and select the newly created blueprint from the list and click Configure
        5. Find the Service field and select the appropriate Service for the blueprint from the drop-down list
        6. Click OK
    4. If the Create F5 VIP – SovLabs Modules XaaS blueprint needs to be modified:
      1. Click on Design tab > XaaS > XaaS Blueprints
      2. Find and select Create F5 VIP – SovLabs Modules and click Copy
      3. Select Create F5 VIP – SovLabs Modules (2) that was newly created and click Edit
      4. Rename the XaaS blueprint as desired in the Name field (in General tab)
      5. Select the Blueprint form tab and modify the XaaS blueprint and click Finish
      6. Select the XaaS blueprint from the list and click Publish
        1. Click on Administrators tab > Catalog Management > Catalog Items
        2. Find and select the newly created XaaS blueprint from the list and click Configure
        3. Find the Service field. Select the appropriate Service for the blueprint from the drop-down list and click OK
      7. Modify or create a SovLabs RESTipe to include the new field(s)
      8. Repeat Step 3 under Usage for vRA Administrators/Architects

    End-user Usage

    Create a VIP and/or Pool and have provisioned VMs added in as node members

    1. Login to the vRA tenant
    2. Click on the Catalog tab
    3. Request the F5 BIG-IP enabled blueprint

    Add a new node member to an existing vRA Deployment

    1. Login to the vRA tenant
    2. Click on the Items tab
    3. Click on the Deployments menu option from the left menu
    4. Click on the desired deployment and click Scale Out

    Remove a node member from an existing vRA Deployment

    1. Login to the vRA tenant
    2. Click on the Items tab
    3. Click on the Deployments menu option from the left menu
    4. Click on the desired deployment and click Scale In

    Destroying a deployment

    1. Login to the vRA tenant
    2. Click on the Items tab
    3. Click on the Deployments menu option from the left menu
    4. Click on the desired deployment and click Destroy

    Destroying a deployment will remove all node members from the Pool. If the Pool has no members, the Pool will be removed. If the VIP has no Pool and no node members, the VIP will be removed.

    Disable

    1. Login to the vRA tenant
    2. Click on the Design tab > Blueprints
    3. Click the desired blueprint name to edit
    4. Delete the F5 Virtual composite from the blueprint
    5. Optionally, remove the SovLabs-F5NodeConfigurations vRA Property Group from the vSphere Machine composite
    6. Repeat Steps 1-4 for all desired blueprints

    Service Management

    View features and compatibility

    Quick Start Process

    1. Define ServiceNow Endpoint(s)
    2. Define ServiceNow CMDB Configuration(s)
    3. Apply to existing blueprint(s)
    4. Provision!

    Prerequisites

    1. ServiceNow CMDB is properly configured
    2. ServiceNow CMDB service user account must have Web Service admin rights and rights to add/update/delete records
    3. If incorporating with VMware ITSM, perform the following:
      1. Once the VMware ITSM plug-in installed, set the u_vra_uid column to read/write from read only
      2. In ServiceNow, navigate to System Definition
      3. Under Column name, search for u_vra_uid
      4. Click the cmdb_ci table from the results
      5. Uncheck Read only and Check Read/Write
      6. Click Update
    4. Login to the vRA tenant and validate the following vRA Catalog Items exist:
      1. Add ServiceNow Endpoint
      2. Add ServiceNow CMDB

    Setup

    1. Login to the vRA tenant
    2. On the Catalog page, click on the Request button for: Add ServiceNow Endpoint
      Add ServiceNow Endpoint
      ServiceNow Endpoint
      FieldValue
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Host URL URL to ServiceNow endpoint. Start with http or https
      Version Select the ServiceNow version
      Credential Configuration for ServiceNow Endpoint
      Create credential?

      Uncheck the checkbox to choose from existing ServiceNow Endpoint credentials

      Check the checkbox to create a new credential

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Username

      *Shown when 'Create credential' is checked

      Username for ServiceNow host

      Password

      *Shown when 'Create credential' is checked

      User's password

    3. On the Catalog page, click on the Request button for Add ServiceNow CMDB Configuration
      Add ServiceNow CMDB Configuration
      ServiceNow CMDB Configuration
      FieldValue
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      ServiceNow Endpoint Select the desired ServiceNow endpoint
      Use Import Set? Select whether or not to use Import Set
      Table name Select the table to add/remove records from
      Import Set Name

      *Shown when 'Use Import Set' is checked

      Import set name in ServiceNow
      Delete using Import Set?

      *Shown when 'Use Import Set' is checked

      If No, the record will be deleted from the database tables directly


      If Yes, verify the u_action field is configured on the Import Set and defined in the Transform script

      Example transform script:
      
                                        if (source.u_action == 'delete') {
                                         var vms = new GlideRecord('cmdb_ci_vm_instance');
                                         vms.addQuery('correlation_id', source.u_sovlabs_id);
                                         vms.deleteMultiple();
                                        }
                                      
      JSON template Modify the JSON template accordingly

    Usage

    1. Login to the vRA tenant
    2. Click on the Design tab > Blueprints
    3. Hover over the desired blueprint name and click Edit
      1. Click on the vSphere machine component on the Blueprint Design Canvas
      2. Click on the Properties tab
      3. In the Property Groups section, add the vRA property group for ServiceNow CMDB:

        Starts with SovLabs-SNowCMDB-

        Do not attach more than 1 ServiceNow CMDB property group to a vRA blueprint

    4. Repeat Step 3 for all desired blueprints

    Disable

    1. Login to the vRA tenant
    2. Click on the Design tab > Blueprints
    3. Hover over the desired blueprint name and click Edit
      1. Click on the vSphere machine component on the Blueprint Design Canvas
      2. Click on the Properties tab
      3. In the Property Groups section, remove the vRA property group for ServiceNow CMDB:

        Starts with SovLabs-SNowCMDB-

    4. Repeat Step 3 for all desired blueprints

    Container Management

    View features and compatibility

    Quick Start Process

    1. Define Nirmata Endpoint(s)
    2. Define Nirmata Agent(s)
    3. Apply to existing blueprint(s)
    4. Optionally, boot strap configurations for container host(s)
    5. Deploy apps or container hosts!

    Prerequisites

    1. Nirmata is properly configured
    2. Have an account with Nirmata
    3. Set up Host Groups and Environments in Nirmata
    4. Set up any applications to be deployed from Nirmata
    5. Login to the vRA tenant and validate the following vRA Catalog Items exist:
      1. Add Nirmata Endpoint
      2. Add Nirmata Agent
      3. Deploy Nirmata app environment
      4. Destroy Nirmata app environment
      5. Update Nirmata host group

    Setup

    1. Login to the vRA tenant
    2. On the Catalog page, click on the Request button for Add Nirmata Endpoint
      Add Nirmata Endpoint
      Nirmata Endpoint
      FieldValue
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Host URL URL to Nirmata host
      Create credential?

      Uncheck the checkbox to choose from existing Nirmata Endpoint credentials

      Check the checkbox to create a new credential

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Username

      *Shown when 'Create credential' is checked

      Username for Nirmata host

      Password

      *Shown when 'Create credential' is checked

      User's password

    3. On the Catalog page, click on the Request button for: Add Nirmata Agent
      Add Nirmata Agent
      Add Nirmata Agent
      FieldValue
      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Nirmata Endpoint Select the desired Nirmata endpoint
      Host group

      *Auto-generated based on the Nirmata endpoint selected

      Select the desired host group

      Install script Modify the install script as necessary
      Create credential?

      Uncheck the checkbox to choose from existing Provisioned Node credentials

      Check the checkbox to create a new credential

      Credential

      *Shown when 'Create credential' is unchecked

      Select the appropriate credential from an existing list of credentials

      Credential configuration label

      *Shown when 'Create credential' is checked

      *Only AlphaNumeric characters, no special characters nor spaces except: - and _

      Unique label.

      Username

      *Shown when 'Create credential' is checked

      Username for provisioned VM

      Password

      *Shown when 'Create credential' is checked

      User's password

    Usage

    1. Login to the vRA tenant
    2. Click on the Design tab > Blueprints
    3. Hover over the desired blueprint name and click Edit
      1. Click on the vSphere machine component on the Blueprint Design Canvas
      2. Click on the Properties tab
      3. In the Property Groups section, add the vRA property group for Multi-Cloud Docker Container Management with Nirmata:

        Starts with SovLabs-Nirmata-

        Do not attach more than 1 Multi-Cloud Docker Container Management with Nirmata property group to a vRA blueprint

    4. Repeat Step 3 for all desired blueprints

    Disable

    1. Login to the vRA tenant
    2. Click on the Design tab > Blueprints
    3. Hover over the desired blueprint name and click Edit
      1. Click on the vSphere machine component on the Blueprint Design Canvas
      2. Click on the Properties tab
      3. In the Property Groups section, remove the vRA property group for Multi-Cloud Docker Container Management with Nirmata:

        Starts with SovLabs-Nirmata-

    4. Repeat Step 3 for all desired blueprints

    SovLabs Extensibility Modules Appendix

    1. Login to the vRA tenant
    2. Click on SovLabs vRA Extensiblity Modules from the left-hand menu
    3. Click on the Items tab
    4. Select the desired category name via the left-hand menu
    5. Click on the desired vRA item

      Don't see the item? Find the Owned by: dropdown (next to the searchbar) and select All groups I Manage

    6. Click on Actions
      • Click on Update to update and submit after filling out form fields
      • Click on Delete to delete and submit

    SovLabs Credential allows better management of credentials across vRA configuration items. Once an Credential is configured, it will be encrypted

    Modules that use the Credential configuration will provide a dropdown list of relevant Credential configurations to choose from

    Prerequisites

    • If utilizing SSH keys, have the full SSH private key readily available along with the SSH Key passphrase, if a passphrase is required
    • If using a simple login username and password, have the credentials readily available

    Setup

    1. Login to the vRA tenant
    2. On the Catalog page, click on the Request button for Manage Credential Configuration
      SovLabs Credential
      Manage Credential Configuration
      FieldValue
      Action Choose whether to Create a credential or Update or Delete an existing credential
      Filter by type

      *Shown if 'Action' is Update or Delete

      Type to filter existing credentials by

      Credential

      *Shown if 'Action' is Update or Delete

      Select an existing credential to update or delete

      Configuration label

      *Only AlphaNumeric characters, no spaces or special characters except: - and _

      Unique label

      Type

      Type of Credential use

      Subtype

      Subtype for granular filtering

      Connection method Select the connection method
      SSH Key used?

      *Shown when 'Connection method' is SSH based

      Check the checkbox to use an SSH key
      Username Username that has necessary permissions
      Password

      *Shown when 'SSH key used' is checked

      User's password
      SSH Key

      *Shown when 'SSH key used' is checked

      SSH Key
      SSH Key Password

      *Shown when 'SSH key used' is checked

      SSH Key password, if any

    Usage

    Use by selecting a SovLabs Credential configuration in any SovLabs Endpoints and/or Configurations



    Entitle Day 2 Operations for End-users/Groups defined in a vRA entitlement

    Configure Entitlements for End-user Operations

    1. Login to the vRA tenant
    2. Click on Administration > Catalog Management > Entitlements
    3. Click on a desired entitlement to edit
    4. Click on the Items & Approvals tab
    5. Click on the next to Entitled Actions
    6. Type in a desired search text in the Name field to search for all related SovLabs actions
    7. Select all or some of the following actions shown, depending on the level of permissions desired for the entitlement
    8. Click OK to entitle actions and make them available for end-users
    9. Click Finish to save the entitlement

      View screenshot

    10. Repeat for all desired Entitlements

    Remove Entitlements for End-user Operations

    1. Login to the vRA tenant
    2. Click on Administration > Catalog Management > Entitlements
    3. Click on a desired entitlement to edit
    4. Click on the Items & Approvals tab
    5. In the Entitled Actions column, find a desired Action to remove
    6. Click on the and then click Remove
    7. Click Finish to save

      View screenshot

    8. Repeat for all desired Entitlements