Part-1: Deploy a Clustered vRealize Automation 8

In this series of blog posts we will talk about the steps involved in deploying a Clustered Production-Ready vRealize Automation Environment enabled with Multi-Tenancy. We have divided this series into 4 blog posts which will be as follows:

Part-1: Configure Load Balancer for vRA 8 and vIDM
Part-2: Deploy vRSLCM, vRA and vIDM Appliances using Easy Installer
Part-3: Scale-Out VMware Identity Manager Deployment
Part-4: Enable Multi-Tenancy for vRealize Automation 8 Deployment

The VMware solutions we will deploy in this 4-blog series are as follows:

1. vRealize Suite Lifecycle Manager 8
2. VMware Identity Manager 3.3.4
3. vRealize Automation 8

Part-1: Configure Load Balancer for vRealize Automation 8 and VMware Identity Manager

In this post we are going to talk about one of the primary requirements for a clustered vRealize Automation deployment with Multi-Tenancy: setting up your Load Balancer. We are using NSX-V for our setup, but you can use NSX-T, F5 or Citrix NetScaler.
We are assuming that you already have your Active Directory and DNS configured.

Before we begin setting up our Load Balancer, we need to complete the following prerequisites:

  1. We need 11 IP Addresses and 12 DNS entries.
    1. vRSLCM (A-Type Record) – 1 IP Address and DNS Record
      vrslcm.mycloud.lab – 192.168.10.11
    2. vRA – 3 IP Addresses for vRA Appliances and 1 vRA-LB IP with DNS Records
      vra.mycloud.lab (A-Type Record) – 192.168.10.12 (vRA LB IP Address)
      vra1.mycloud.lab (A-Type Record) – 192.168.10.13
      vra2.mycloud.lab (A-Type Record) – 192.168.10.14
      vra3.mycloud.lab (A-Type Record) – 192.168.10.15
    3. vIDM – 3 IP Addresses for vIDM Appliances and 1 vIDM-LB IP with DNS Records
      We will also need 1 IP Address for vIDM Postgres replication
      vidm.mycloud.lab (A-Type Record) – 192.168.10.16 (vIDM LB IP Address)
      vidm1.mycloud.lab (A-Type Record) – 192.168.10.17
      vidm2.mycloud.lab (A-Type Record) – 192.168.10.18
      vidm3.mycloud.lab (A-Type Record) – 192.168.10.19
      Internal vIDM Postgres IP Address – 192.168.10.20
    4. Load Balancer Interface IP Address – 192.168.10.21
    5. DNS Entry for Default Tenant
      tenant.mycloud.lab (A-Type Record) – 192.168.10.16
      tenant1.mycloud.lab (A-Type Record) – 192.168.10.16
    6. Multi-Tenancy DNS Entries:
      tenant1.vra.mycloud.lab (CNAME Record) – vra.mycloud.lab
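
The DNS prerequisites can be checked before any appliance is deployed. The script below is an added example, not part of the original post: it resolves each of the 12 names from the list above and reports any that are missing or point at the wrong address. The function names `system_resolver` and `check_dns` are made up for this example.

```python
import socket

# Expected name -> address, copied from the prerequisite list above.
# tenant1.vra.mycloud.lab is a CNAME to vra.mycloud.lab, so it must end at the vRA LB IP.
EXPECTED = {
    "vrslcm.mycloud.lab": "192.168.10.11",
    "vra.mycloud.lab": "192.168.10.12",
    "vra1.mycloud.lab": "192.168.10.13",
    "vra2.mycloud.lab": "192.168.10.14",
    "vra3.mycloud.lab": "192.168.10.15",
    "vidm.mycloud.lab": "192.168.10.16",
    "vidm1.mycloud.lab": "192.168.10.17",
    "vidm2.mycloud.lab": "192.168.10.18",
    "vidm3.mycloud.lab": "192.168.10.19",
    "tenant.mycloud.lab": "192.168.10.16",
    "tenant1.mycloud.lab": "192.168.10.16",
    "tenant1.vra.mycloud.lab": "192.168.10.12",
}


def system_resolver(name):
    """Return the set of IPv4 addresses the local resolver gives for name."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:  # unknown name, timeout or no resolver available
        return set()


def check_dns(expected=EXPECTED, resolve=system_resolver):
    """Return a list of problems; an empty list means every record matches."""
    problems = []
    for name, want in expected.items():
        got = resolve(name)
        if not got:
            problems.append(f"{name}: does not resolve (expected {want})")
        elif got != {want}:
            problems.append(f"{name}: resolves to {sorted(got)}, expected only {want}")
    return problems


if __name__ == "__main__":
    for line in check_dns() or ["all 12 records match the plan"]:
        print(line)
```
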

Now we are ready to configure our Load Balancer in NSX-V. The steps to configure the NSX-V LB are as follows:

1. Deploy a new NSX-V Edge Services Gateway with High Availability.

NSX Edge Services Gateway Deployment – Basic Details Screen

2. Enter the Admin Password for your Edge Services Gateway and enable SSH.

NSX Edge Services Gateway Deployment – Settings Screen

3. We have selected the Appliance size as Large for our Edge Service Gateway. You can select the Appliance size as per your requirement.

NSX Edge Services Gateway Deployment – Deployment Configuration Screen

4. Specify the placement for your Edge Services Gateway Appliances by clicking on Add Edge Appliance VM.

NSX Edge Services Gateway Deployment – Edge Placement Screen

5. Now we need to configure an uplink Interface for the Edge Services Gateway.

NSX Edge Services Gateway Deployment – Configure Interfaces Screen

6. Enter the Name for the Interface, Select the Port Group and enter the Primary and Secondary IP Addresses. Primary IP Address should be your Load Balancer Interface IP and Secondary IP Addresses should be the Load Balancer IPs for your vRA & vIDM.

NSX Edge Services Gateway Deployment – Configure Subnets for Interface Screen

7. Enter the Default Gateway IP for your Interface.

NSX Edge Services Gateway Deployment – Default Gateway Screen

8. Keep the Firewall Default Policy values as is.

NSX Edge Services Gateway Deployment – Firewall Default Policy Screen

9. Leave the High Availability values at their defaults and click Next.

NSX Edge Services Gateway Deployment – High Availability Screen

10. Review your configuration and click Finish.

NSX Edge Services Gateway Deployment – Review Configuration Screen

Once your Edge Services Gateway has been deployed, we will proceed with the rest of the configuration.

1. Stop the Firewall for your Edge Services Gateway.

NSX Edge – Stop NSX Edge Firewall Screen

2. Enable Load Balancer and Logging on NSX Edge.

NSX Edge – Load Balancer Global Configuration Screen

3. Create 2 Application Profiles of type SSL Passthrough, one for vRealize Automation 8 and one for VMware Identity Manager.

NSX Edge – Load Balancer Application Profiles Screen
NSX Edge – Application Profile for vRealize Automation Screen
NSX Edge – Application Profile for VMware Identity Manager Screen

4. Create 2 Service Monitors, one for vRealize Automation and one for VMware Identity Manager.

vRealize Automation Service Monitor:
Name: vRealize Automation8
Interval: 3
Timeout: 10
Max Retries: 3
Type: HTTP
Expected: 200
Method: GET
URL: /health

NSX Edge – Service Monitor for vRealize Automation Screen

VMware Identity Manager Service Monitor:
Name: VMware Identity Manager
Interval: 3
Timeout: 10
Max Retries: 3
Type: HTTPS
Expected: 200
Method: GET
URL: /SAAS/API/1.0/REST/system/health/heartbeat

NSX Edge – Service Monitor for VMware Identity Manager Screen

5. Now we will create 2 Pools of Member Servers, One for vRealize Automation and one for VMware Identity Manager.

vRealize Automation Pool:
Name: pool_vra8
Algorithm: LEASTCONN
Monitors: vRealize Automation8

NSX Edge – Pool Configuration for vRealize Automation Screen

vRealize Automation Pool Members:
Members: vra1, vra2 and vra3
IP Addresses: 192.168.10.13, 192.168.10.14 and 192.168.10.15
Monitor Port: 8008
Port: 443

NSX Edge – vRealize Automation Pool Members Screen

VMware Identity Manager Pool:
Name: pool_vidm
Algorithm: LEASTCONN
Monitors: VMware Identity Manager

NSX Edge – VMware Identity Manager Pool Configuration Screen

VMware Identity Manager Pool Members:
Members: vidm1, vidm2 and vidm3
IP Addresses: 192.168.10.17, 192.168.10.18 and 192.168.10.19
Monitor Port: 443
Port: 443

NSX Edge – VMware Identity Manager Pool Members Screen

6. The last step in the process of setting up our Load Balancer is to create 2 Virtual Servers, again one for vRealize Automation and one for VMware Identity Manager.

vRealize Automation Virtual Server:
Virtual Server: Enable
Acceleration: Disable
Application Profile: vRealize Automation8
Name: vs_vra8-va
IP Address: 192.168.10.12
Protocol: HTTPS
Default Pool: pool_vra8

NSX Edge – vRealize Automation Virtual Server Screen

VMware Identity Manager Virtual Server:
Virtual Server: Enable
Acceleration: Disable
Application Profile: VMware Identity Manager
Name: vs_vidm-va
IP Address: 192.168.10.16
Protocol: HTTPS
Default Pool: pool_vidm

NSX Edge – VMware Identity Manager Virtual Server Screen
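
Once the appliances exist, the two service monitors can be reproduced from a workstation to see which pool members the Load Balancer would mark as up. This is an added example, not part of the original post; it approximates the monitor's retry behaviour and is not NSX's own logic. Assumptions: members are addressed by their FQDNs from the DNS list so that certificate hostname checks can pass, `cafile` points at the CA that signed the vIDM certificates, and the names `get_status` and `probe_pool` are made up for this example.

```python
import ssl
import urllib.error
import urllib.request

# Monitor and pool settings copied from the steps above. Members are addressed
# by the FQDNs from the DNS list (assumption) so TLS hostname checks can pass.
POOLS = {
    "pool_vra8": ("http", 8008, "/health",
                  ["vra1.mycloud.lab", "vra2.mycloud.lab", "vra3.mycloud.lab"]),
    "pool_vidm": ("https", 443, "/SAAS/API/1.0/REST/system/health/heartbeat",
                  ["vidm1.mycloud.lab", "vidm2.mycloud.lab", "vidm3.mycloud.lab"]),
}
EXPECTED, TIMEOUT, MAX_RETRIES = 200, 10, 3


def get_status(url, timeout=TIMEOUT, cafile=None):
    """GET url and return the HTTP status code, or None on a connection or TLS error."""
    ctx = ssl.create_default_context(cafile=cafile)  # certificate verification stays on
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # the node answered with an error status
        return err.code
    except OSError:  # refused, timed out, or certificate not trusted
        return None


def probe_pool(pool, fetch=get_status):
    """Return {member: bool}; True if one of MAX_RETRIES probes returns 200."""
    scheme, port, path, members = POOLS[pool]
    status = {}
    for host in members:
        url = f"{scheme}://{host}:{port}{path}"
        status[host] = any(fetch(url) == EXPECTED for _ in range(MAX_RETRIES))
    return status


if __name__ == "__main__":
    for pool in POOLS:
        for host, up in probe_pool(pool).items():
            print(f"{pool:10} {host:20} {'UP' if up else 'DOWN'}")
```
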

There is actually one more step, where we need to import a Certificate for the Load Balancer in the NSX Edge Services Gateway, but we will discuss that step in Part-3: Scale-Out VMware Identity Manager Deployment of this series. For steps related to NSX-T, F5 Big-IP and Citrix NetScaler configurations, please visit the vRealize Automation 8 Load Balancing Guide.

In Part-2 of this blog post series, Deploy vRSLCM, vRA and vIDM Appliances using Easy Installer, we will discuss the process to deploy vRealize Suite Lifecycle Manager 8, vRealize Automation 8 and VMware Identity Manager Appliances using Easy Installer. Stay tuned.

1 thought on “Part-1: Deploy a Clustered vRealize Automation 8”

  1. Hi
    Thank you for the detailed installation. I have one question concerning the deployment of IDM in passthrough mode, because the official VMware documentation doesn’t speak about this mode but speaks only of LB termination: are the Persistence mode and HTTP Profile not necessary? I used the two options as explained in the VMware document with an F5 LB, but I faced some authentication problems between vRA and IDM.
    Regards
