How to configure vCAC 6.2 LAB on VMware Workstation 11 – Part 3

VMware vRealize Automation 6.2 Configuration

vCAC configuration is little complicate. I’ll separate to vCAC server, IaaS, vCAC itself and VCO configurations, 4 sections.

vCAC Server Configuration

We will configure network, then regenerate SSL and import SN, and eventually connect vCAC with vCenter SSO.

  1. Open vCAC Appliance page by the address (https://x.x.x.x:5480) you get from vCAC virtual machine console. (vCAC default account is root, you have entered password in first boot)
  2. Go to NetworkAddress – Set to Static – Set networking and click Save Settings. Wait about 1 minutes then connect vCAC Appliance page by new IP address. Reboot if you can open the page.
  3. Login to command line in vCAC virtual machine console after rebooting. Try ping FQDN of vCAC server, you have to try several times if it cannot resolve to new IP address.
  4. Login vCAC Appliance page after ping works. Click vRA SettingsHost Settings – Choose Update Host – Enter vCAC FQDN in Host Name – Choose Generate Certificate – Enter vCAC FQDN in Common Name – Enter vmware in Organization and Organization Unit – Enter US in Country Code – Click Save Settings. You should see Host and SSL Certificate have been successfully configured if SSL generated correctly.
  5. Click vRA SettingsSSO – Enter FQDN of vCenter Server in SSO Host – Enter password of Administrator@vSphere.local of vCenter Server then click Save Settings. Accept certificate and wait about 10 minutes it will show you successfully connected to SSO server.
  6. Click vRA SettingsLicensing – Enter vCAC SN.
  7. Click Services – You will see 27 services after about 10 minutes.
  8. Open vCAC homepage (https://vCAC.contoso.com), click vRealize Automation Console, login by Administrator@vSphere.local of vCenter Server.
  9. vCAC is ready if you can login and no any error message.

IaaS Configuration

It’s actually how to install IaaS service. Please make sure you read my vCAC build articles otherwise following steps will be failed.

  1. RDP to IaaS server by domain admins.
  2. Re-install MSDTC component. Run command msdtc –uninstall, then run msdtc –install.
  3. Modify MSDTC.
    1. Click StartAdministrative ToolsComponent Services – Expand Component ServicesComputersMy ComputerDistributed Transaction Coordinator.
    2. Right click Local DTCPropertiesSecurity tab – Click Network DTC Access, Allow Inbound and Allow Outbound.
  4. Open vCAC homepage (https://vCAC.contoso.com) – Click vRealize Automation IaaS installation page – Download IaaS installer.
  5. Launch IaaS installer.
  6. Log In section. Credential is vCAC root.
  7. Installation Type section. Choose Complete Install.
  8. Running the Prerequisite Checker section. Complete the settings by following up wizard and disable Windows firewall. Click Check Again then go next. If cannot pass check, please select firewall option and click Bypass button.
    1. When you configure Providers of Windows Authentication in IIS, please make sure NTLM is top one. vCAC shows error if sequence is wrong:Exception occured when retrieving work from VRM: The HTTP request is unauthorized with client authentication scheme ‘Anonymous’. The authentication header received from the server was ‘Negotiate,NTLM’. Inner Exception: The remote server returned an error: (401) Unauthorized.
    2. MSDTC has been configured on step 3, please make sure you also configured same on SQL Server (We have talked in vCenter Server Configuration). vCAC shows error if it’s not configured on SQL Server:
      DataBaseStatsService: ignoring exception: Error executing query usp_SelectAgent Inner Exception: Error executing query usp_SelectAgentCapabilities
  9. Microsoft SQL Server Database Installation Information section. Keep all default settings, but enter vCenter Server FQDNVIM_SQLEXP in Server. For example my server is VC01.contoso.comVIM_SQLEXP.
  10. Component Registry section. Click Load then Download button, then select Accept Certificate.
  11. SSO Administrator Credentials section. Enter Administrator@vSphere.local credential of vCenter Server.
  12. Click the two Test button.
  13. Wait IaaS installed.
  14. Restart IaaS server then restart IIS service.

vCAC Configuration

We will talk about vCAC configuration in this section

  1. Open vCAC homepage (https://vCAC.contoso.com) by IE or Chrome. Click vRealize Automation console then login by Administrator@vSphere.local of vCenter Server.
  2. Click AdministrationTenantsvsphere.localAdministrators tab – Search and add Domain Admins in Tenant administrators and Infrastructure administrators both, then click Update button to save.
  3. Quick and login vRealize Automation console again by Administrator@contoso.com.
  4. Go to InfrastructureAdministration – Licensing – Click Add License and add SN.
  5. Go to InfrastructureEndpoints EndpointsNew EndpointVirtual – vSphere (vCenter).
  6. I assume you build LAB by follow my articles. Name is vCenter, Address is https://vc01.contoso.com/sdk and choose Integrated in Credentials.
  7. Create Fabric Group. Click Infrastructures – Groups – Fabric Groups – New Fabric Group.
  8. I assume you build LAB by follow my articles. Name is CONTOSO and Fabric administrators is Domain Admins@contoso.com.
  9. Re-login vRealize Automation console by Administrator@contoso.com.
  10. Edit the Fabric Group you just created. Click Infrastructures – Groups – Fabric Groups – Edit CONTOSO – Choose Farm01 in Compute resources.
  11. Grant full permission to Administrator@contoso.com. Click Administration – Users & Groups – Identity Store Users & Groups – Search Domain Admins in search box in top right – Click Domain Admins – Add all roles in Add Roles to this Group in Detail tab – Click Update.
  12. vCAC configuration is completed.

VCO Configuration

I used native VCO of vCAC to save computing resource. It also brings me a benefit that it’s already integrated with vCAC.

  1. Login vCAC command line in virtual machine console.
  2. Run command service vco-configurator start to start VCO service.
  3. Open vCAC homepage (https://vcac.contoso.com/) – Click vRealize Orchestrator Configurator – Enter default account and password vmware. ( Please reboot vCAC virtual machine if you cannot login, then repeat step 2 and 3 )
  4. Login VCO Configurator – Click startup options – Wait Status change to Running.
  5. Change VCO SSO setting. Left navigator AuthenticationSSO Configuration – Choose CONTOSO.COM in SSO domain – Choose contoso.com Domain Admins in vRO Admin – Click Update Orchestrator Configuration.
  6. Add VCO administrator. Login vCenter Server by vSphere Web Client – Left navigator AdministrationSingle Sing-OnUsers and GroupsGroups tab – Add Domain Admins of CONTOSO.COM to vcoadmins (It’s not VCOAdministrators).
  7. Open vCAC homepage (https://vcac.contoso.com/), click vRealize Automation console, login by Administrator@contoso.com.
  8. Click Advanced Services tab – Endpoints – Click Add.
    1. Choose vCenter Server in Plug-in.
    2. Name is VC01
    3. IP or host name of the vCenter Server instance to add is vCenter Server FQDN: vc01.contoso.com
    4. User name of the user…connect to the vCenter Server instance is Administrator@contoso.com credential.
    5. Keep default to rest of settings.
  9. Now VCO, vCAC and vCenter Sever are integrated.

Summary

We have completed basic build and deployment of VMware vRealize Automation 6.2. I grant all permissions to my domain administrator since I want to have a simple and fast testing environment. The Administrator@contoso.com is domain administrator, vCenter Server administrator, vCAC administrator and Farm01 resource administrator. There are multiple permission layers in vCAC, I’ll share in other articles.


Serials of How to build/configure vCAC 6.2 LAB on VMware Workstation 11 (系列文章):

How to Build vCAC 6.2 LAB on VMware Workstation 11 – Part 1
How to Build vCAC 6.2 LAB on VMware Workstation 11 – Part 2
How to Build vCAC 6.2 LAB on VMware Workstation 11 – Part 3

How to configure vCAC 6.2 LAB on VMware Workstation 11 – Part 1
How to configure vCAC 6.2 LAB on VMware Workstation 11 – Part 2
How to configure vCAC 6.2 LAB on VMware Workstation 11 – Part 3


 *** Chinese Version ***

VMware vRealize Automation 6.2配置

vCAC的配置稍微复杂点儿。我将分vCAC服务器、IaaS、vCAC应用、VCO的配置共4部分分享给大家。

vCAC 服务器配置

我们将先配置网络,然后重新生成SSL,然后导入序列号、最后把vCAC和vCenter SSO连接起来。

  1. 根据vCAC虚拟机控制台界面上DHCP获得的地址打开vCAC配置页面(https://x.x.x.x:5480)。vCAC默认帐号为root。
  2. Network -> Address -> 设定为Static -> 设定好网络点击Save Settings。等待大约1分钟后,尝试用新的IP连接vCAC配置页面,如果可以连接,重启vCAC虚拟机。
  3. 重启后从虚拟机控制台登录vCAC命令行,尝试ping vCAC的FQDN,如果无法ping通,需要重复上一步。直到能ping通为止。
  4. 能ping通后登录vCAC配置页面,点击vRA Settings -> Host Settings -> 选择Update Host -> Host Name输入vCAC的FQDN -> 选择Generate Certificate -> Common Name输入vCAC的FQDN -> OrganizationOrganization Unit输入vmware -> Country Code输入US -> 点击Save Settings。如果设定成功会提示Host and SSL Certificate have been successfully configured
  5. 点击vRA Settings -> SSO -> SSO Host输入vCenter Server的FQDN -> 输入vCenter Server的Administrator@vSphere.local的密码,然后点击Save Settings,确认vCenter SSO Server的证书后等待大约10分钟会提示连接SSO成功。
  6. 点击vRA Settings -> Licensing -> 输入vCAC的序列号。
  7. 点击Services -> 等待大约10分钟你应该最终看到27个服务。
  8. 用浏览器打开vCAC主页(https://vCAC.contoso.com),点击vRealize Automation Console,用vCenter Server的默认管理员帐号Administrator@vSphere.local登录。
  9. 如果你能够看到正常的管理界面,至此vCAC配置完毕。

IaaS服务配置

vCAC的IaaS配置主要是IaaS的安装过程,以下分享我的安装流程。请确保你按照我上一篇关于vCAC实验环境安装的文章安装了IaaS服务器,否则以下步骤无法完成。

  1. 用域管理员帐号登录IaaS服务器。
  2. 重新安装MSDTC组件。在命令行运行msdtc -uninstall,然后运行msdtc -install
  3. 修改MSDTC。
    1. 点击Start -> Administrative Tools -> Component Services -> 展开Component Services ->Computers -> My Computer -> Distributed Transaction Coordinator
    2. 右键点击Local DTC -> Properties -> Security标签 -> 勾选 Network DTC AccessAllow InboundAllow Outbound
  4. 在IaaS服务器上打开vCAC主页(https://vCAC.contoso.com),点击vRealize Automation IaaS installation page进入IaaS安装页面,下载IaaS安装包。
  5. 启动IaaS安装程序。
  6. Log In 页面的帐号和密码是配置vCAC时用的root帐号和密码。
  7. Installation Type页面,选择Complete Install
  8. Running the Prerequisite Checker页面,根据向导把还未设定的内容设定完毕。防火墙关闭掉。设定完毕后,点击Check Again重新检查一遍。如果防火墙无法通过,选择防火墙选项,点击Bypass按钮。
    1. 此处特别注意在配置IIS的Windows AuthenticationProviders时,NTLMNegotiate之前。如果顺序错了会导致vCAC报错误:
      Exception occured when retrieving work from VRM: The HTTP request is unauthorized with client authentication scheme ‘Anonymous’. The authentication header received from the server was ‘Negotiate,NTLM’. Inner Exception: The remote server returned an error: (401) Unauthorized.
    2. MSDTC已经在之前的步骤配置过了,这里要说的是你也需要在SQL Server上配置此处(vCenter Server配置部分已提到),否则会导致vCAC报错:
      DataBaseStatsService: ignoring exception: Error executing query usp_SelectAgent Inner Exception: Error executing query usp_SelectAgentCapabilities
  9. Microsoft SQL Server Database Installation Information区域,保持默认选项,Server要填写vCenter Server FQDNVIM_SQLEXP,例如我的写的是VC01.contoso.comVIM_SQLEXP
  10. Component Registry区域,依次点击Load按钮和Download按钮 ,选择Accept Certificate
  11. SSO Administrator Credentials区域,输入vCenter ServerAdministrator@vSphere.local和密码。
  12. 点两个Test按钮。
  13. 等待完成IaaS组件的安装。
  14. 重启IaaS服务器 ,然后重启 IIS服务。

vCAC 配置

本节我将分享vCAC程序的配置。

  1. 用IE或者Chrome打开vCAC主页(https://vCAC.contoso.com),点击vRealize Automation console并使用vCenter Server默认SSO管理员Administrator@vSphere.local登录。
  2. 点击AdministrationTenantsvsphere.localAdministrators标签 – 分别在Tenant administratorsInfrastructure administrators搜索Domain Admins并添加,点Update按钮保存。
  3. 退出并重新用Administrator@contoso.com登录vRealize Automation console
  4. 点击InfrastructureAdministration – Licensing – 点击Add License按钮并添加序列号。
  5. 点击InfrastructureEndpoints EndpointsNew EndpointVirtual – vSphere (vCenter)
  6. 如果你按照我的系列文章搭建了实验环境,则Name输入vCenterAddress输入https://vc01.contoso.com/sdkCredentials选择Integrated
  7. 创建Fabric Group。点击Infrastructures – Groups – Fabric Groups – New Fabric Group
  8. 如果你按照我的系列文章搭建了实验环境,则Name输入CONTOSOFabric administrators输入Domain Admins@contoso.com
  9. 退出并重新用Administrator@contoso.com登录vRealize Automation console
  10. 编辑刚创建的Fabric Group。点击Infrastructures – Groups – Fabric Groups – 编辑CONTOSO – Compute resources中选择Farm01。
  11. 赋予Administrator@contoso.com最高权限。点击Administration – Users & Groups – Identity Store Users & Groups – 右侧搜索栏搜索Domain Admins – 点击搜索到的Domain Admins组 – 在Detail标签的Add Roles to this Group下选择所有角色 – 点击Update按钮保存设定。
  12. 至此vCAC配置完毕。

VCO配置

为了节约资源,我采用vCAC内置的VCO组件,另外还有个好处是自带的VCO已经和vCAC整合好了,配置起来比较简单。

  1. 从vCAC虚拟机的控制台界面登录命令行。
  2. 启动VCO服务。运行命令service vco-configurator start
  3. 用IE或Chrome打开vCAC主页(https://vcac.contoso.com/),点击vRealize Orchestrator Configurator打开VCO Configurator,默认帐号和密码 都是vmware。(如果无法登录,重启vCAC虚拟机 ,重复步骤2、3。)
  4. 登录VCO Configurator后,点击startup options,等待Status变为Running
  5. 更改VCO SSO设定。点击左侧导航栏AuthenticationSSO ConfigurationSSO domain选择CONTOSO.COMvRO Admin选择contoso.com Domain Admins – 点击Update Orchestrator Configuration按钮。
  6. 添加域管理员为VCO管理员。用vSphere Web Client登录vCenter Server,左侧导航栏AdministrationSingle Sing-OnUsers and GroupsGroups标签 – 把CONTOSO.COM域的Domain Admins组加入vcoadmins(此处不是VCOAdministrators)。
  7. 用IE或Chrome打开vCAC主页(https://vcac.contoso.com/),打开vRealize Automation console并用Administrator@contoso.com登录。
  8. 添加高级服务Endpoints。点击AdministrationAdvanced ServicesEndpoints – 点击Add按钮。
    1. Plug-in选择vCenter Server
    2. Name填写VC01
    3. IP or host name of the vCenter Server instance to add填写vCenter Server的FQDN:vc01.contoso.com
    4. User name of the user…connect to the vCenter Server instance填写Administrator@contoso.com以及密码。
    5. 其他保持默认不变
  9. 至此VCO与vCAC以及vCenter Server的整合完毕 。

结语

VMware vRealize Automation 6.2 的实验环境到此基本搭建和配置完毕 。由于vCAC权限层级较多,在我的实验环境里我只是简单的给域管理员分配了最大权限以求简单快速实现各个功能模块。这里Administrator@contoso.com是域管理员、vCenter Server的管理员、vCAC的系统管理员以及Farm01资源的管理员。在未来的实验中基本用这一个帐号可以测试所有的功能。有关vCAC基础架构等的介绍我会在其他文章中分享。

Advertisements

Author: Wu

VCP, MCSE, CCNA

3 thoughts on “How to configure vCAC 6.2 LAB on VMware Workstation 11 – Part 3”

  1. Great installation guide. In #8 of the IaaS Configuration, I set NTLM first for the default web site in IIS, however I am still getting the message 401 unauthorized message. Any ideas?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s