Get Started

vRA 7.x with SovLabs Plugin 2017.3.x

SovLabs Automation and Extensibility Modules allow your IT department to build a fully-functioning Cloud Management Platform (CMP) without writing a single workflow.

Integrate with your existing tools for DNS and IPAM, among others. Our modules manage things like adding and removing DNS records, Active Directory, IPAM reservations, and much more. Manage server lifecycles from provisioning to disposal and provide value to your business in days instead of months.

Benefits

Quick start

Don't spend weeks learning how to build vRO workflows and vRA content. You can be up and running next week. Let us be your content experts.

Simple installation

Our software is delivered as a plugin which is imported into vRealize Orchestration. A configuration workflow creates the core vRA resources.

Protect your investment

We test against new versions of vRA/vRO as they are released and we release a new SovLabs vRA Module Plugin to you. Take the worry out of maintaining your CMP investment and upgrade vRA/vRO without fear of breaking your IT Processes.

The SovLabs plugin provides a flexible template language that allows for utilization and transformation of vRA Custom Properties, which can drastically reduce complexity in large environments.

Assumptions

Consumer has the following VMware products and has basic knowledge on how to access and use:

Terminology

TermDefinition
vRAShort for VMware’s vRealize Automation

Formerly known as vCenter Automation Center (vCAC)

vROShort for VMware’s vRealize Orchestrator

Formerly known as vCenter Orchestrator (vCO)

EBSShort for VMware’s Event Broker Subscriptions

vRA Lifecycles

SovLabs vRA modules are called via vRA Event Subscriptions during specific VM Lifecycle states:

vRA LifecycleDetails
Machine RequestedvRA is requesting a reservation and network IP
Machine BuildingvRA is assigning a reservation and network IP
Machine ProvisionedvRA provisioned machine, e.g. cloned virtual machine
Machine ReconfigurevRA is reconfiguring the virtual machine
Machine DisposingvRA is destroying virtual machine
Machine Disposing_POSTvRA destroyed the virtual machine
View SovLabs vRA Event Subscriptions

1.0 Setup vRA

Install and configure VMware's vRealize Automation (vRA) 7.x+

1.1 Additional vRA Configurations

  • Create a vRA service account in Active Directory for the SovLabs plugin to utilize
  • Add the vRA service account to vRA IaaS admins
  • Configure vRA Tenant(s) (supports vsphere.local)
  • Configure a vRA Business Group

    The vRA Business Group is for administrative purposes of separating entitlements of vRA Catalog Items

  • Configure and test vRA Compute Resources, Reservations, etc
  • Create, configure and test vRA Blueprint(s) for each OS desired (with necessary network profiles, reservations, etc.)

1.2 Configure vRA Service Account Permissions

  1. Login to the root vRA tenant: https://vRA-FQDN/vcac
  2. Click on Administration tab > Users & Groups > Custom Groups
  3. If a group does not exist, add a group:
    1. Input the group name and description. DO NOT put spaces in the group name.
    2. Select the Tenant Administrator and XaaS Architect role listed in the Add Roles to this Group box
    3. Click Next
    4. Type in the vRA service account or vRA service account group
    5. Click Add
  4. If a group exists, edit the group and verify that the following roles are selected:
    • Tenant Administrator
    • XaaS Architect
  5. Click Next
  6. Type in the vRA service account or vRA service account group
  7. Click Update

1.3 Configure a vRO Endpoint in vRA

Using an External vRO

  1. Login to the vRA tenant
  2. Click on the Administration tab > vRO Configuration > Server Configuration:
    • Toggle the Use an external Orchestrator server radio button.
    • Select Basic authentication and enter appropriate credentials

      Should be Service Account configured in Section 1.1

      *Username in UPN format user@domain
    • Click Test Connection. If connection is successful, click OK.
  3. Add an external vRO endpoint in vRA for Infrastructure: Click on the Infrastructure tab > Endpoints > Endpoints:
    1. Click on +New > Orchestration > vRealize Orchestrator
    2. Fill out the form accordingly
    3. Click on +New Custom Property to add the property:
      • Name: VMware.VCenterOrchestrator.Priority
      • Value: (number, 1 being highest priority)
    4. Click OK

Using an Internal vRO

  1. Login to the vRA tenant:
  2. Click on the Administration tab > vRO Configuration > Server Configuration:
    • Toggle the Use the default Orchestrator server that was configured by the system administrator radio button
    • Click Test Connection. If connection is successful, click OK.

1.4 Configure vRA Extensibility Lifecycle message timeout

Perform the following for each vRA tenant utilized

  1. Login to the vRA tenant
  2. Click on the Infrastructure tab > Administration > Global settings:
    • Select (click on) the Extensibility lifecycle message timeout row
    • Click on the Edit button
    • Input a value that will be greater than the longest event workflow subscription timeout (e.g. 3+)

Install and configure VMware's vRealize Orchestrator (vRO) 7.x+

2.1 Active Directory Configuration

  • Create or identify a vRO Admins group in Active Directory where the vRO server(s) belong
  • Create or identify a vRO Service Account in Active Directory for the SovLabs plugin to utilize

2.2 Configure vRO Execution Permissions

The following is necessary in order for vRO to execute external applications and perform actions such as ping

Automate this process

This entire step (except Step 2.2.1 - EMC's FEHC) can be automated by downloading an interactive script that needs to be copied and run on each vRO server

Must have an account and login to download

Download script

  1. SSH as user root to the vRO server (e.g. SSH via PuTTy)
  2. Modify the vmo.properties file:
    1. vi /etc/vco/app-server/vmo.properties
    2. Press the i key on the keyboard
    3. Copy & paste the following line to the end file:
      com.vmware.js.allow-local-process=true
    4. Press the esc key on the keyboard
    5. Type in :wq! and press the Enter key
  3. Modify the js-io-rights.conf file:
    1. vi /etc/vco/app-server/js-io-rights.conf
    2. Press the i key on the keyboard
    3. Copy & paste the following line to the end file:
      +rwx /tmp
    4. Press the esc key on the keyboard
    5. Type in :wq! and press the Enter key
    6. Ensure that the file has the appropriate permissions:
      1. cd /etc/vco/app-server
      2. chown vco:vco js-io-rights.conf
      3. chmod 640 js-io-rights.conf
  4. Restart the vRO server(s)
    • Type in service vco-server restart

2.2.1 EMC's FEHC 3.x and 4.x

EMC's Federation Enterprise Hybrid Cloud

Perform the following only if using EMC's FEHC

  1. SSH as user root to the vRO server (e.g. SSH via PuTTy)
  2. Modify the setenv.sh file:
    1. vi /usr/lib/vco/app-server/bin/setenv.sh
    2. Press the i key on the keyboard
    3. Copy & paste the following line to the end of the JVM_OPTS variable:
      -Djsse.enableSNIExtension=false
    4. Press the esc key on the keyboard
    5. Type in :wq! and press the Enter key
  3. Restart the vRO server(s)
    • Type in service vco-server restart

2.3 Configure Kerberos

Perform the following steps for each vRO server that will be utilized

Automate this process

This entire step can be automated by downloading an interactive script that needs to be copied and run on each vRO server

If this script was downloaded from Step 2.1 and performed, skip this step entirely

Must have an account and login to download

Download script

  1. SSH as user root to the vRO server
  2. Create the file krb5.conf:
    1. vi /usr/java/jre-vmware/lib/security/krb5.conf
    2. Press the i key
    3. Copy & paste the following into the file
      krb5.conf - Single Domain
      • [libdefaults]
                                       default_realm = EXAMPLE.COM
                                       udp_preferences_limit = 1 
                                      [realms] 
                                       EXAMPLE.COM = {
                                        kdc = example.com
                                        default_domain = example.com
                                       }
                                      [domain_realm] 
                                       .example.com=EXAMPLE.COM
                                       example.com=EXAMPLE.COM
                                      [logging] 
                                       kdc = FILE:/var/log/krb5/krb5kdc.log
                                       admin_server = FILE:/var/log/krb5/kadmind.log
                                       default = SYSLOG:NOTICE:DAEMON
                                      

        Replace example.com with company domain appropriately:
         If EXAMPLE.COM is in all uppercase, domain should be in all caps.
         If example.com is in all lowercase, domain should be in lowercase letters.

      • Example - sovlabs.net

        [libdefaults]
                                       default_realm = SOVLABS.NET
                                       udp_preferences_limit = 1 
                                      [realms] 
                                       SOVLABS.NET = {
                                        kdc = sovlabs.net
                                        default_domain = sovlabs.net
                                       }
                                      [domain_realm] 
                                       .sovlabs.net=SOVLABS.NET
                                       sovlabs.net=SOVLABS.NET
                                      [logging] 
                                       kdc = FILE:/var/log/krb5/krb5kdc.log
                                       admin_server = FILE:/var/log/krb5/kadmind.log
                                       default = SYSLOG:NOTICE:DAEMON
      krb5.conf - Multiple Domain
      • [libdefaults]
                                       default_realm = EXAMPLE1.COM
                                       udp_preferences_limit = 1 
                                      [realms] 
                                       EXAMPLE1.COM = {
                                        kdc = example1.com
                                        default_domain = example1.com
                                       }
                                       EXAMPLE2.COM = {
                                        kdc = example2.com
                                        default_domain = example2.com
                                       }
                                      [domain_realm] 
                                       .example2.com=EXAMPLE2.COM
                                       example2.com=EXAMPLE2.COM
                                       .example1.com=EXAMPLE1.COM
                                       example1.com=EXAMPLE1.COM
                                      [logging] 
                                       kdc = FILE:/var/log/krb5/krb5kdc.log
                                       admin_server = FILE:/var/log/krb5/kadmind.log
                                       default = SYSLOG:NOTICE:DAEMON
                                      

        Replace example#.com with company domain appropriately:
         If EXAMPLE#.COM is in all uppercase, domain should be in all caps.
         If example#.com is in all lowercase, domain should be in lowercase letters.

        Any child domains must be defined before the parent domains in the [domain_realm] section

      • Example

        [libdefaults]
                                       default_realm = >SOVLABS.NET
                                       udp_preferences_limit = 1 
                                      [realms] 
                                       SOVLABS.NET = {
                                        kdc = sovlabs.net
                                        default_domain = sovlabs.net
                                       }
                                       SOVLABS.2K8AD.NET = {
                                        kdc = sovlabs.2k8ad.net
                                        default_domain = sovlabs.2k8ad.net
                                       }
                                      [domain_realm]
                                       .sovlabs.2k8ad.net=SOVLABS.2K8AD.NET
                                       sovlabs.2k8ad.net=SOVLABS.2K8AD.NET
                                       .sovlabs.net=SOVLABS.NET
                                       sovlabs.net=SOVLABS.NET
                                      [logging] 
                                       kdc = FILE:/var/log/krb5/krb5kdc.log
                                       admin_server = FILE:/var/log/krb5/kadmind.log
                                       default = SYSLOG:NOTICE:DAEMON

        sovlabs.2k8ad.net is the child domain

      Configuration Note

      For the [realms] section, you may put a domain in the kdc = line, or you may specify one or more specific domain controllers by FQDN.

      If you configure a domain for your kdc, a domain controller will be resolved from the domain automatically.

      For a lab or non-production environment, or for a very large network with DCs spanning multiple geographical locations, it might be beneficial to specify your kdcs as specific Domain Controllers.

      However, if you specify DCs by name, if you remove DCs or the names change, the configuration here would have to change. Please consider these factors in your decision.

      [realms]
                                   EXAMPLE.COM = {
                                    kdc = domaincontroller01.example.com
                                    kdc = domaincontroller02.example.com
                                    kdc = domaincontroller03.example.com
                                    default_domain = example.com
                                   }
                                
    4. Press the esc key
    5. Type :wq!
    6. Press the enter key
  3. Ensure that the file has the appropriate permissions:
    chmod 644 /usr/java/jre-vmware/lib/security/krb5.conf
  4. Restart vRO service: service vco-server restart

2.4 Download vRO's vRA plugin

If your vRA version is 7.2 or greater, skip to Section 2.6

  1. Download vRO's vRA plugin via: VMware's vRO Plug-In for vRA
  2. Create a VMware account or sign-in
  3. Two plugins are included in the plugin download.

    For example, downloading o11nplugin-vcac-6.2.3-3004239.vmoapp will provide:

    • vCAC Infrastructure Administration plugin
    • vCloud Automation Center plugin

2.5 Install vRO's vRA plugins

If your vRA version is 7.2, skip to Section 2.6

If your vRA version is 7.3, apply the CAFE plugin patch from VMware. KB Article: 2150546

Perform the following for each vRO server

  1. Login to the vRO configuration page: https://vro-fqdn:8283/vco-controlcenter/#/
    • vRA 7.2 or below with user root
    • vRA 7.3 with administrator account
  2. Click on the Manage Plug-Ins icon
  3. Locate on the Install plug-in section
  4. Drag the plugin .dar or .vmoapp file into the browse bar
  5. Click on Install
  6. Repeat Steps 4 and 5 for the second plugin
  7. Restart the vRO server
    1. On the Home page, click on the Startup Options icon
    2. Click on Restart
    3. Wait for vRO to restart successfully
  8. Log back in to the vRO configuration page
  9. Click on the Manage Plug-Ins icon
  10. Verify that the installed plugin is listed among the vRO plugins

2.6 Configure vRA endpoints in vRO

2.6.1 Add vRA host for tenant

Perform the following once in vRO for each vRA tenant

  1. Open the vRO client
  2. Login to the vRO server
  3. Click on the Design mode, located near the top-left corner of the client
  4. Click on the Workflows tab
  5. Run vRO workflow: /Library/vRealize Automation/Configuration/Add a vRA host
  6. Fill out the form fields properly:
    FieldValue
    HostnamevRA server

    If utilizing vsphere.local tenant, begin the hostname with "sovlabs_"
    (e.g. sovlabs_vra01.example.com)

    The SovLabs plugin can't differentiate between vRA Shared Session endpoint for created for SovLabs and the Default "Per User" one already configured for vsphere.local, so the module looks for the one that begins with "sovlabs_".

    Host URLvRA URL
    Automatically install SSL certificates?Yes
    Connection TimeoutKeep default
    Operation TimeoutKeep default
    Session modeShared Session
    TenantPrimary vRA tenant for vRO to interact with
    UsernamevRA Service Account username
    PasswordvRA Service Account password
  7. Click Submit
  8. Verify the Add a vRA host workflow completed successfully

2.6.2 Add an IaaS host

Perform the following once in vRO for each vRA tenant

  1. Open the vRO client
  2. Login to the vRO server
  3. Click on the Design mode, located near the top-left corner of the client
  4. Click on the Workflows tab
  5. Run vRO workflow: /Library/vRealize Automation/Infrastructure Administration/Configuration/Add an IaaS host
  6. Fill out the form fields properly:
    FieldValue
    NameIaaS Host FQDN
    Host URLIaaS Host FQDN
    Automatically install SSL certificaitesYes
    Connection timeout (seconds)Keep default
    Operation timeout (seconds)Keep default
    Session modeIf utilizing a vRO built in to the vRA appliance, use SSO. If not, use NTLM

    Authentication usernameUsername without domain name
    PasswordUser's password
    Workstation for NTLM authenticationLeave as blank
    Domain for NTLM authenticationDomain
  7. Click Submit
  8. Verify the Add an IaaS host workflow completed successfully

3.1 Firewall Rules

*Please verify all applicable sources and destinations on the following ports are open.

*Please note that all ports listed below are default/standard ports. Your configuration may vary. Please verify with your local administrator.

SourceTargetProtocolStandard Port(s)Bi-directionalSovLabs Module(s)
vRO ServervCenter PSC (6.x+) or ESX hostsTCP - HTTPS443 and 902NoMicrosoft AD
Microsoft DNS
Microsoft IPAM
Puppet Enterprise
Puppet Open Source with Foreman

*For VMware Tools

vRO ServerAnsible TowerTCP - HTTPS443NoAnsible Tower
Ansible TowervRO ServerTCP8281NoAnsible Tower
vRO ServerBlueCatTCP - HTTPS443NoBlueCat IPAM & DNS
vRO ServerBT DiamondTCP - HTTPS8443NoBT Diamond IP: IPAM & DNS
vRO ServerCohesity ClusterTCP - HTTPS443NoCohesity Backup as a Service
vRO ServerInfobloxTCP443NoInfoblox IPAM & DNS
vRO ServerSolarWinds DatabaseTCP1433NoSolarWinds IPAM via non-API
vRO ServerSolarWinds IPAddress ManagerTCP17778NoSolarWinds DNS
SolarWinds IPAM
vRO ServerWindows 2012 Member ServersTCP22NoMicrosoft AD
Microsoft DNS
vRO ServerSovLabs Microsoft Endpoints for ADTCP/UDP139
445
5985
5986
NoMicrosoft AD
vRO ServerSovLabs Microsoft Endpoints for DNSTCP/UDP139
445
5985
5986
NoMicrosoft DNS
Windows 2012 Member ServersSovLabs Microsoft Endpoints for ADTCP88
389
9389
NoMicrosoft AD
Windows 2012 Member ServersSovLabs Microsoft Endpoints for DNSTCP53
139
389
445
464
NoMicrosoft DNS
vRO ServerServer SubnetsTCP22
139
445
5985
5986
NoAll
vRO ServerPuppet MasterTCP22
8140
NoPuppet Enterprise
vRO ServerPuppet Compile MastersTCP22NoPuppet Enterprise
vRO ServerPuppet ConsoleTCP22
4433
NoPuppet Enterprise
vRO ServerPuppet DatabaseTCP22NoPuppet Enterprise
vRO ServerPuppet HieraTCP22NoPuppet Enterprise
vRO ServerForemanTCP22
443
NoPuppet Open Source with Foreman
vRO ServerPuppet MasterTCP22
8140
NoPuppet Open Source with Foreman
vRO ServerRubrik ClusterTCP - HTTPS443NoRubrik Backup as a Service
vRO ServerRed Hat Satellite serversTCP22
80
443
NoRed Hat Satellite
vRO ServerServiceNow CMDB
*Needs Internet access
TCP443NoServiceNow CMDB
vRO ServerVeeam BEMTCP - HTTPS9399NoVeeam Backup as a Service
vRO ServervCenter serversTCP80
443
NovSphere DRS and Snapshot Management
vRO ServerNirmata
*Needs Internet access
TCP443NoMulti-cloud Docker Container Management with Nirmata
vRO ServerSMTPTCP25
465 (SSL)
587 (STARTTLS)
NoNotifications
vRO ServerIMAPTCP143
993 (SSL)
NoNotifications

3.2 Setup WinRM

Skip if not implementing the following modules:
  • Microsoft AD
  • Microsoft DNS
  • Microsoft IPAM
  • Puppet Enterprise
  • Puppet Open Source with Foreman

Skip if connecting to Windows servers via VMware Tools, SSH, CygwinSSH and/or WinSSHD

3.2.1 Activate WinRM on a Windows server

Activating WinRM on a Windows server allows the SovLabs modules to function properly on proxy and/or target Windows servers
  1. Download the Activate WinRM PowerShell script

    Disclaimer: Please review the activate-winrm.ps1 PowerShell script and modify according to your best security practices. Rules in Windows Firewall are configured to allow for connectivity to/from vRA and vRO servers

  2. Login to the Windows server
  3. Upload the .ps1 file to desired directory
  4. Open PowerShell Run as Administrator
  5. Run the script by entering the full path to the script: C:\[folderpath]\activate-winrm.ps1
  6. WinRM should activate successfully
  7. Repeat for all Windows servers (e.g. Microsoft AD/DNS/IPAM server)

3.2.2 Enable Activate WinRM on a vRA blueprint

Enabling activate WinRM on a vRA blueprint allows the SovLabs modules to function properly on provisioned VMs from SovLabs Puppet Enterprise and SovLabs Puppet Open Source with Foreman modules
  1. Download the Activate WinRM PowerShell script

    Disclaimer: Please review the activate-winrm.ps1 PowerShell script and modify according to your best security practices. Rules in Windows Firewall are configured to allow for connectivity to/from vRA and vRO servers

  2. Upload the activate-winrm.ps1 script onto a desired share server
  3. Login to vCenter
  4. Navigate to Home > Customization Specification Manager
  5. Edit desired Customization Specification(s)
  6. Click on Run Once tab and add the following commands:
    cmd /c powershell -executionpolicy Bypass -noninteractive -file //{{share path}}/activate-winrm.ps1

    Replace {{share path}} with the path to the share that contains the activate-winrm.ps1 script

    cmd /c shutdown /l /f

    If other commands exist, please make sure this command is at the very end. The command logs the Administrator off

  7. Click OK to save the modifications on the Customization Specification(s)
  8. Login to vRA tenant
  9. Navigate to blueprints: Design tab > Blueprints
  10. Edit desired blueprint(s)
  11. Click on the blueprint vSphere machine on the Design Canvas
  12. Click on Build Information tab on the blueprint
  13. Type in or verify the Customization Specification name in the Customization spec field
  14. Save blueprint by clicking on Finish
  15. Repeat for all desired blueprints

3.3 Configure Windows Jump Server

Configure Windows Jump Server with Remote Management and SSH server. If direct connection to your Windows Domain Controllers (DCs) is either restricted or otherwise not desired, a Windows Member Server configured for remote management can be used by the SovLabs plugin to manage Microsoft AD and DNS entries.

The modules for Microsoft AD and DNS require powershell cmdlets, so the Windows Member Server must be Windows 2012 or above.
The SovLabs Plugins for Microsoft AD and DNS use SSH as the connection method to the Windows Member Server. Therefore, the Jump Server must have either CygwinSSH server or Bitvise SSH server installed and configured.

Perform the following steps for each Windows Jump server that will be utilized

3.3.1 Remotely manage Microsoft Active Directory

  1. Login to the Windows server
  2. If this server will remotely manage Active Directory, install these Roles on your Member Server:
  3. Under Role Administration Tools
    1. Active Directory module for Windows Powershell
    2. AD DS Tools
      1. Active Directory Administrative Center
      2. AD DS Snap-Ins and Command-Line Tools
    3. AD LDS Snap-ins and Command-Line Tools
  4. Install and configure SSH server appropriately for either of the following:
  5. If non-administrative rights are desired:
    1. Create a share
    2. Assign Modify (read/write) permissions to a user account

3.3.2 Remotely manage Microsoft DNS

  1. Login to the Windows server
  2. Access the Server Manager
  3. Click on Manage option on the top right menu > Add Roles and Features
  4. On the Add Roles and Features Wizard:
    1. Before You Begin: Click Next
    2. Installation Type: Accept defaults and click Next
    3. Server Selection: Accept defaults and click Next
    4. Server Roles: Accept defaults and click Next
    5. Features:
      1. Expand Remote Server Administration Tools
      2. Select DNS Server Tools
      3. Click Next
    6. Confirmation: Click Install
    7. Results: Verify valid results
  5. Install and configure SSH server appropriately for either of the following:
  6. If non-administrative rights are desired:
    1. Create a share
    2. Assign Modify (read/write) permissions to a user account
Bitvise SSH Server is a third-party product which requires a valid license. See See www.bitvise.com for details.

4.1 Download & Install SovLabs Plugin

4.1.1 Update vRO Heap Size

Skip if already performed for all applicable vRO servers
  1. SSH as user root to the vRO server
    1. vi /var/lib/vco/configuration/bin/setenv.sh
    2. Find the #MEM_OPTS section
    3. Press the i key
    4. Replace the -Xmx512m \ to be -Xmx768m \

      *Changing the number from 512 to be 768

    5. Press the esc key
    6. Type :wq!
    7. Press the enter key
  2. Restart vRO service: service vco-configurator restart

4.1.2 Install SovLabs Plugin

  1. Download the SovLabs plugin
  2. Login to the vRO configuration page: https://vro-fqdn:8283/vco-controlcenter/#/ with user root
  3. Click on the Manage Plug-Ins icon
  4. Locate on the Install plug-in section
  5. Drag the plugin o11nplugin-sovlabs.vmoapp file into the browse bar
  6. Click on Install
  7. Accept the EULA
  8. Restart the vRO server
    1. On the Home page, click on the Startup Options icon
    2. Click on Restart
    3. Wait for vRO to restart successfully
  9. Log back in to the vRO configuration page
  10. Click on the Manage Plug-Ins icon
  11. Verify that the installed plugin is listed among the vRO plugins

4.2 First Install

Installing and configuring the SovLabs plugin is only performed once for each vRA tenant and vRO server the SovLabs vRA Extensibility modules interact with

  1. Download and install the new SovLabs plugin (Section 4.1)
  2. Open the vRO client
  3. Login to the vRO server
  4. Click on the Design mode, located near the top-left corner of the client
  5. Click on the Workflows tab
  6. Run vRO workflow: SovLabs/Configuration/SovLabs Configuration
  7. Fill out the SovLabs Configuration workflow form appropriately:
    FieldInstructions
    SovLabs EULAAccept the SovLabs EULA
    Main Configuration
    vRA Tenant Name for SovLabs Service and Catalog Items Select the appropriate tenant
    Business Group Name to be associated with the SovLabs vRA Catalog Service Select the appropriate business group
    Create SovLabs vRA Catalog Service? Select 'Yes'
    Security Group

    vRA service account in UPN format (e.g. group.domain.com)

    *Is the security group defined in vRA that will be entitled to the SovLabs vRA Catalog Service

    *Should be the service account referenced in Section 1.2 , not the service account itself.

    *If the vRA endpoint in Section 2.6.1 was created with a different accoung (e.g. admin@vsphere.local) then this will error out with a 403. Please ensure that the endpoing owner is in the same security group referenced here.

    Publish License Content? Select 'Yes'
    Upgrade Options
    Upgrade existing SovLabs vRA content? Select 'No'
    Lifecycle Configuration - Install/Upgrade
    Install or Update SovLabs workflow subscriptions (vRA7.x)? Select 'Yes'

    *Enables vRA to call vRO during machine lifecycles

    View SovLabs vRA Event Subscriptions

  8. Click Submit
  9. Verify that the SovLabs Configuration workflow completed successfully
  10. Verify the SovLabs Plugin
  11. Add the new SovLabs license & begin!

4.3 Performing an Update

4.3.1 Create backup vRO Package

Download instructions

4.3.2 If upgrading from 2017.1x or earlier

  1. Login to the vRA tenant
  2. Click on Design > XaaS > Custom Resources
  3. Find and edit SovLabs DNS
  4. Update the Name field to be: SovLabs DNS configuration (case sensitive)

    View screenshot
  5. Click Finish to save
  6. Repeat for all applicable vRA tenants

4.3.3 Upgrade to new SovLabs Plugin

If installing in an environment with multiple vRO servers (clustered) on vRA 7.1 and earlier, the plugin must be installed on all of the vRO servers.
Please ensure that the SovLabs plugin has been installed on all vRO servers and that the vRO service has been restarted on all of them.

SovLabs generates event broker subscriptions (EBS) where appropriate for each module licensed. Priority codes for these subscriptions are noted here .

All SovLabs subscriptions are removed and regenerated as part of the upgrade process.

Any adjustments to the priority codes for the SovLabs EBS post install will need to re-adjusted after an upgrade.

  1. Download and install the new SovLabs plugin (Section 4.1)
  2. Open the vRO client
  3. Login to the vRO server
  4. Click on the Design mode, located near the top-left corner of the client
  5. Click on the Workflows tab
  6. Run vRO workflow: SovLabs/Configuration/SovLabs Configuration

    The SovLabs Configuration workflow only needs to be run on one vRO in a clustered environment

  7. Fill out the SovLabs Configuration workflow form appropriately:
    FieldInstructions
    SovLabs EULAAccept the SovLabs EULA
    Main Configuration
    vRA Tenant Name for SovLabs Service and Catalog Items Select the appropriate tenant
    Business Group Name to be associated with the SovLabs vRA Catalog Service Select the appropriate business group
    Create SovLabs vRA Catalog Service? Select 'No'
    Publish License Content? Select 'No'
    Upgrade Options
    Upgrade existing SovLabs vRA content? Select 'Yes'
    Lifecycle Configuration - Install/Upgrade
    Install or Update SovLabs workflow subscriptions (vRA7.x)? Select 'Yes'

    *Enables vRA to call vRO during machine lifecycles

    View SovLabs vRA Event Subscriptions

  8. Click Submit
  9. Verify that the SovLabs Configuration workflow completed successfully
  10. Verify the SovLabs Plugin
  11. Add the new single SovLabs license & begin!

4.3.4 Rollback to previous SovLabs Plugin

Only perform the following in the event that a rollback is necessary

Download instructions


5.1 Verify via vRO

  1. Open the vRO client
  2. Login to the vRO server
  3. Click on the Design mode, located near the top-left corner of the client
  4. Click on the Inventory tab
  5. Verify that the SovLabs vRA Extensibility Modules plugin exists

5.2 Verify via vRA

  1. Login to the desired vRA tenant
  2. Click on the Catalog tab
  3. Verify that the Add License - SovLabs Modules catalog exists


Add SovLabs License and Begin!