VMware Aria Operations – Backup & Export Configuration

Featured

Posted on May 21, 2024 by Aman Sapra

In this blog we have covered the 2 methods of taking Backup of your VMware Aria Operations (vRealize Operations Manager) configuration.

VMware Aria Operations introduced a feature called Content Management in version 8.2 back in October 2020.

Content Management helps the Customers to Backup and Export their configuration of VMware Aria Operations which can be further used to restore the configuration like Dashboards, Views, Report Templates, Supremetrics and a lot more in case you run into issues with the deployment.

We have covered two methods of taking a Backup and Export of VMware Aria Operations Configuration – First one, using the Content Management Tab under Administration in VMware Aria Operations UI and Second one, using a Python Script which makes use of the native APIs of Aria Operations.

Python script which we have developed has been tested on Python 3.10.10 version and Aria Operations 8.10 version. This script can also be scheduled as a Scheduled Task to take periodic configuration backups.

Method -1: Content Management Tab under Administration in VMware Aria Operations UI

Method -2: Python Script which uses native APIs of Aria Operations

#!/usr/local/bin python3

import requests, json, urllib3, datetime, time, os, zipfile, shutil

from requests.auth import HTTPBasicAuth
from datetime import datetime


urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

base_url = 'https://vrops80-weekly.cmbu.local/suite-api/api'
token_url = base_url + '/auth/token/acquire'
headers =  {"Content-Type":"application/json", "Accept":"application/json"}
body = {
    "username": "admin",
    "password": "VMware1!",
    "authSource": "local"
    }

token_api_response = requests.post(token_url, headers=headers, json=body, verify=False)

token_api_response = token_api_response.json()

vRealize_ops_token = token_api_response["token"]

print("vRealize Ops Token: " + vRealize_ops_token)

content_export_request_url = base_url + '/content/operations/export/'

headers = {"Content-Type":"application/json", "Accept":"application/json", "EncryptionPassword": "Aman@123456789", "Authorization": "vRealizeOpsToken " + vRealize_ops_token}

body = {
  "scope" : "CUSTOM",
  "contentTypes" : [ "DASHBOARDS", "VIEW_DEFINITIONS", "REPORT_DEFINITIONS", "REPORT_SCHEDULES", "CONFIG_FILES", "ALERT_DEFINITIONS", "SYMPTOM_DEFINITIONS", "RECOMMENDATION_DEFINITIONS",  "NOTIFICATION_RULES", "PAYLOAD_TEMPLATES", "POLICIES", "CUSTOM_GROUPS", "SUPER_METRICS", "COMPLIANCE_SCORECARDS", "AUTH_SOURCES", "USERS", "USER_GROUPS", "ROLES", "INTEGRATIONS", "HTTP_PROXIES", "OUTBOUND_SETTINGS", "COST_DRIVERS", "SDMP_CUSTOM_SERVICES", "SDMP_CUSTOM_APPLICATIONS", "DISCOVERY_RULES", "APP_DEF_ASSIGNMENTS", "CUSTOM_PROFILES", "GLOBAL_SETTINGS"  ],
  "Password" : "12345"
  }

content_export_response = requests.post(content_export_request_url, headers=headers, json=body, verify=False)

content_export_response = content_export_response.json()

print("Sleeping for 60 seconds")

time.sleep(60)

export_zip_url = base_url + '/content/operations/export/zip'

headers = {"Content-Type":"application/json", "Accept":"application/json", "Authorization": "vRealizeOpsToken " + vRealize_ops_token}

export_zip_response = requests.get(export_zip_url, headers=headers, verify=False)

current_datetime = datetime.now()
str_current_datetime = str(current_datetime)
file_name = "./vROpsContentBackup/" + str_current_datetime+".zip"
print(file_name)
with open(file_name, 'wb') as zipFile:
    zipFile.write(export_zip_response.content)

For the detailed process to Backup and Export VMware Aria Operations Configuration please watch our video:

https://youtu.be/vw9rAptX_0U

I hope this blog was informative for you, stay tuned for our upcoming blogs. Happy Learning!!

#vmware #aria #operations #vROps #manager #content #management #public #private #hybrid #cloud #backup #export

Single Sign-On Configuration for VMware vRealize Suite

Featured

Posted on April 4, 2024 by Aman Sapra

In vRealize Automation 8.X, Easy Installer deploys a vIDM appliance which is used for Authentication by vRealize Automation whether you choose a Standalone deployment or a Clustered deployment. As we already have an external vIDM appliance as part of our vRA 8.X deployment, we can use it for configuring Single Sign-On for VMware vRealize Suite products.

Single Sign-On configuration is supported in 7.X versions of vRealize Suite products as well but we need an external VMware Identity Manager which most of the customers do not deploy. vRealize Automation 7.X Appliances also include an embedded version of VMware Identity Manager, even though we can enable the UI for the embedded vIDM using the command vcac–vami horizon ui enable but there is no documentation suggesting that making changes directly to VMware Identity Manager is supported by VMware.

In this post we will discuss the process of configuring Single Sign-On for vRealize Suite 8.X version products. In this article I am assuming that an Active Directory domain has already been configured in VMware Identity Manager.

vRealize Automation:

1. Login to VMware Identity Manager and click on Web Apps under the Catalog section.

VMware Identity Manager Web Apps Section

2. Click on New to configure vRealize Automation Web Application Link.

Creating a New Web Application Link in Identity Manager

3. In the Name section enter vRealize Automation 8.X (vRA) and upload an Icon file for vRealize Automation.

vRealize Automation Web App Configuration

4. Leave the Category section blank and click Next.

5. In Authentication Type select Web Application Link and type https://vRA_FQDN/csp/gateway/portal/#/consumer in Target URL.

Target URL for vRealize Automation Web App

5. Click Next and then click Save.

6. Now the only task left is to assign this App to Active Directory users who already have access to vRealize Automation. Select the newly created Application and Click on Assign.

Assign vRealize Automation Web App to Users/Groups

5. Search the name of Users/User Groups to publish the App, select the Deployment type as Automatic and click Save.

*Assign vRealize Automation Web App Enterprise Admins Group*

6. Next time the user authenticates with vIDM and goes to User Portal, he/she will be able to see the newly published vRA 8.X Application.

Access VMware Identity Manager User Portal

7. Next time the user authenticates with vIDM and goes to User Portal, he/she will be able to see the newly published vRA 8.X Application.

Launch vRealize Automation Web App from vIDM Catalog

8. Once the user clicks on Open on this App, user will be authenticated & re-directed to vRealize Automation portal.

vRealize Log Insight:

1. Before publishing vRealize Log Insight as an App in VMware Identity Manager we need to configure vIDM as an Authentication Source in vRealize Log Insight and we need to obtain the Target URL.

2. Login to vRealize Log Insight. Click on Administration and Under Authentication enter the details of your vIDM.

Configure vRealize Log Insight to use VMware Identity Manager for Authentication

3. Provide access to VMware Identity Manager Users/User Groups in Administration section under Access Control > Users and Groups.

4. In order to obtain the Target URL, logout from vRealize Log Insight & logout from vIDM and select System Domain.

5. Open vRealize Log Insight in a new Tab, select VMware Identity Manager from the Drop-down and click on Login via SSO.

vRealize Log Insight Target URL for VMware Identity Manager

6. You’ll be redirected to VMware Identity Manager for login. Copy the URL from the Address Bar of the browser. URL will look something like:
https://idm01.mydomain.lab/SAAS/auth/login?dest=https://idm01.mydomain.lab/SAAS/auth/oauth2/authorize?response_type%3Dcode%26client_id%3Dbabc6f64a70-2c7c-4c5a-867f-bc631327f5dc%26redirect_uri%3Dhttps://192.168.113.112/login&chainedauthMethods
=%5B%7B%212chainedAuthmethods%212:%5B%7B%22authMethoId%22:15,%212a
uthMethodOrder%22:13%7D%5D%7D,%7B%22chainedAuthmethods%22:%5B%7B%
22authMethoId%22:3,%22authMethodOrder%22:1%7D%5D%7D%5D&ttl=28800

Capture *vRealize Log Insight Target URL for VMware Identity Manager*

7. URL highlighted in red is our Target URL for vRealize Log Insight. Follow the same process as vRealize Automation App and publish vRealize Log Insight for users using the vRealize Log Insight Target URL.

8. Now the users should be able to launch vRealize Log Insight App from vIDM User Portal & Authenticate using vIDM Single Sign-On.

vRealize Operations Manager:

1. For vRealize Operations Manager we need to follow the process similar to vRealize Log Insight. Configure vIDM as Authentication Source, Grant permissions to vIDM Users/Groups in vROps & obtain the Target URL.

2. Login to vRealize Operations Manager as an Admin user. Click on Administration and Under Authentication Sources click Add. Select Source Type as VMware Identity Manager and enter the details of your vIDM Appliance.

Configure VMware Identity Manager as Authentication Source in vRealize Operations Manager

3. Provide access to VMware Identity Manager Users/Groups by Importing them in Administration section under Access > Access Control > User Accounts and User Groups.

Import Users/Groups from VMware Identity Manager for Access Control in vRealize Operations Manager

4. In order to obtain the Target URL, logout from vRealize Operations Manager & logout from vIDM and select System Domain.

5. Open vRealize Operations Manager in a new Tab, select VMware Identity Manager from the Drop-down and click REDIRECT.

*vRealize Operations Manager Target URL for VMware Identity Manager*

6. You’ll be redirected to VMware Identity Manager for login. Copy the URL from the Address Bar of the browser. URL will look something like:

https://idm01.mydomain.lab/SAAS/auth/login?dest=https://idm01.mydomain.lab/SAAS/auth/oauth2/authorize?response_type%3Dcode%26client_id%3D0246fe54-d0a5-42ff-b3c1-f3d144b64519%26redirect_uri%3Dhttps://10.11.12.13/ui/vidmClient/vidm/&chainedauth
Methods=%5B%7B%22chainedAuthmethods%22:%5B%7B%22authMethoId%22:15,%
22authMethodOrder%22:13%7D%5D%7D,%7B%22chainedAuthmethods%22:%5B%7
B%22authMethoId%22:3,%22authMethodOrder%22:1%7D%5D%7D%5D&ttl=28800

We are only interested in Client ID highlighted in RED in the above link.

*Capture VMware Identity Manager* Client ID for vRealize Operations Manager

7. Replace the details of the below URL with your environment details and you’ll get Target URL for vRealize Operations Manager.

https://idm01.mydomain.lab/SAAS/auth/oauth2/authorize?response_type=code&client_id=3D0246fe54-d0a5-42ff-b3c1-f3d144b64519&redirect_uri=https://idm_ip_address/ui/vidmClient/vidm/

8. Follow the same process as vRealize Automation App and publish vRealize Operations Manager App for users using the vRealize Operations Manager Target URL.

9. Now the users should be able to launch vRealize Operations Manager App from vIDM User Portal & Authenticate using vIDM Single Sign-On.

vRealize Suite Lifecycle Manager:

1. For vRealize Suite Lifecycle Manager the process is fairly easy. We just need to provide users access to vLCM under Identity and Tenant Management and publish the Target URL.

2. Login to vRealize Suite Lifecycle Manager as an Admin user. Click on dentity and Tenant Management.

Identity and Tenant Management in vRealize Suite Lifecycle Manager

3. In Directory Management section, click on Directories click Add Directory by selecting Active Directory over LDAP.

Add Active Directory in vRealize Suite Lifecycle Manager

4. The process of Adding the Active Directory is same as vRealize Automation 7.X.

Active Directory over LDAP configuration in vRealize Suite Lifecycle Manager

5. Once Active Directory has been configured, provide relevant permissions to Users/Groups under User Management section.

User Management in vRealize Suite Lifecycle Manager

6. Replace the details of the below URL with your environment details and you’ll get Target URL for vRealize Suite Lifecycle Manager.

http://lcm01.mydomain.lab/lcm/login/vidm

8. The process of publishing vRealize Suite Lifecycle Manager App for users using the vRealize Suite Lifecycle Manager Target URL remains the same.

Note: The current versions of vCenter Server do not support VMware Identity Manager as an Identity Provider. NSX-T does support Single Sign-On configuration using vIDM.
For more details on integrating NSX-T with IDM, check out this blog.

The final catalog of your VMware Identity Manager will have Web Apps for all 4 vRealize Suite Components. Enjoy!!

VMware Identity Manager Signle Sign-On User Catalog

VMware Aria Operations – Backup & Export Configuration

Featured

Posted on June 22, 2023 by Aman Sapra

In this blog we have covered the 2 methods of taking Backup of your VMware Aria Operations (vRealize Operations Manager) configuration.

VMware Aria Operations introduced a feature called Content Management in version 8.2 back in October 2020.

Method -1: Content Management Tab under Administration in VMware Aria Operations UI

Method -2: Python Script which uses native APIs of Aria Operations

#!/usr/local/bin python3
import requests, json, urllib3, datetime, time, os, zipfile, shutil
from requests.auth import HTTPBasicAuth
from datetime import datetime
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
base_url = 'https://vrops80-weekly.cmbu.local/suite-api/api'
token_url = base_url + '/auth/token/acquire'
headers =  {"Content-Type":"application/json", "Accept":"application/json"}
body = {
    "username": "admin",
    "password": "VMware1!",
    "authSource": "local"
    }
token_api_response = requests.post(token_url, headers=headers, json=body, verify=False)
token_api_response = token_api_response.json()
vRealize_ops_token = token_api_response["token"]
print("vRealize Ops Token: " + vRealize_ops_token)
content_export_request_url = base_url + '/content/operations/export/'
headers = {"Content-Type":"application/json", "Accept":"application/json", "EncryptionPassword": "Aman@123456789", "Authorization": "vRealizeOpsToken " + vRealize_ops_token}
body = {
  "scope" : "CUSTOM",
  "contentTypes" : [ "DASHBOARDS", "VIEW_DEFINITIONS", "REPORT_DEFINITIONS", "REPORT_SCHEDULES", "CONFIG_FILES", "ALERT_DEFINITIONS", "SYMPTOM_DEFINITIONS", "RECOMMENDATION_DEFINITIONS",  "NOTIFICATION_RULES", "PAYLOAD_TEMPLATES", "POLICIES", "CUSTOM_GROUPS", "SUPER_METRICS", "COMPLIANCE_SCORECARDS", "AUTH_SOURCES", "USERS", "USER_GROUPS", "ROLES", "INTEGRATIONS", "HTTP_PROXIES", "OUTBOUND_SETTINGS", "COST_DRIVERS", "SDMP_CUSTOM_SERVICES", "SDMP_CUSTOM_APPLICATIONS", "DISCOVERY_RULES", "APP_DEF_ASSIGNMENTS", "CUSTOM_PROFILES", "GLOBAL_SETTINGS"  ],
  "Password" : "12345"
  }
content_export_response = requests.post(content_export_request_url, headers=headers, json=body, verify=False)
content_export_response = content_export_response.json()
print("Sleeping for 60 seconds")
time.sleep(60)
export_zip_url = base_url + '/content/operations/export/zip'
headers = {"Content-Type":"application/json", "Accept":"application/json", "Authorization": "vRealizeOpsToken " + vRealize_ops_token}
export_zip_response = requests.get(export_zip_url, headers=headers, verify=False)
current_datetime = datetime.now()
str_current_datetime = str(current_datetime)
file_name = "./vROpsContentBackup/" + str_current_datetime+".zip"
print(file_name)
with open(file_name, 'wb') as zipFile:
    zipFile.write(export_zip_response.content)

For the detailed process to Backup and Export VMware Aria Operations Configuration please watch our video:

I hope this blog was informative for you, stay tuned for our upcoming blogs. Happy Learning!!

#vmware #aria #operations #vROps #manager #content #management #public #private #hybrid #cloud #backup #export

Single Sign-On Configuration for VMware vRealize Suite

Featured

Posted on April 4, 2022 by Aman Sapra