Initial Configuration of vRealize Automation 7

vRealize Automation 7 (vRA 7) has lot of enhancements and changes compare with vRA 6. There are plenty of introductions available in internet. The initial configuration is different with vRA 6. I’m going to share my experience. You can easily build up LAB or POC by following this post.

[do_widget “Language Switcher” wrap=aside title=false]

In the last step of installation wizard, I don’t select the option to create initial contents. The pre-build initial contents somehow confused me. So once the installation is completed, you should login by the account administrator. It’s same function with SSO administrator account of vRA 6.

Edit the default tenant after login.

Add a new account in Local users tab.

Search the account and add it to both tenant and IaaS administrators role in Administrators tab.

Logout and login by the new account.

Go to Administration -> Directories Management -> Directories. Add a new directory.

The Active Directory (Integrated Windows Authentication) option does not work for me. It always gives me error message below.

Connector communication failed because of invalid data: The specified Bind DN and password could not be used to successfully authenticate against the directory.

Go to next page. Make sure you select the proper domain.

The next page show attribute mapping of VMware Identity Manager and Active Directory. You can keep it default setting unless you want to bring some special attribute from AD to VIM.

The next page you can select groups you want to sync from AD to VMware Identify Manager. Since vRealize Automation 7 retrieves credentials from VMware Identify Manager instead of Active Directory directly. So it’s better you select all groups you may want to use on vRA in future.

For example, my domain groups locate in contoso.com/Customized/Groups/, the group DN is OU=Groups,OU=Customized,DC=CONTOSO,DC=COM.

Click Find Groups button after that. vRA shows you groups it find. Then click the More than xxxx link below to find and select groups if you want to sync particular groups, or you can just check Select All option to sync all groups under the DN.

Following screenshot shows how to select particular group after click More than xxx option on above screenshot.

Next page requests you input the DN that contains domain account that you want to sync, similar like group DN.

You may see warning below if you are syncing a large Active Directory. Choose according to your reality.

Logout and login again by Administrator@vsphere.local once the initial syncing is completed.

Go to Tenants again to adding domain groups or users to Administrators group.

Now the vRealize Automation 7 is ready to go with full administrator permission by domain account.

Advertisements

5 thoughts on “Initial Configuration of vRealize Automation 7

  1. this-guy

    Mine works with IWA, but it never syncs and after a while my identity provider workspace disappears and have to redo the process

    Reply
  2. Kapil Jha

    Thanks a lot, I was stuck with this for few days, and not even VMWare enginner knows about it.
    you saved the day.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s