Mar 11, 2016

VMware vRealize Automation 7 enterprise install


This guide we will walk you through the steps to install vRealize Automation 7 enterprise. I have split up every single role and made sure it is highly available. This might not necessarily be best practice as it highly depends on your environment. Make sure you read the vRealize Automation 7 – Reference Architecture to ensure you design the environment correctly.



Related Articles

In this example I have created the following
  • 2x vRealize Automation 7 Appliances
  • 2x Windows Servers for IaaS Web
  • 2x Windows Servers for the Management Service (Active / Passive)
  • 2x Windows Servers for the agents (one agent will be install – vSphere)
  • 2x Windows Servers for the DEMs
Depending on the size and requirements of your environment, you may also need to split out the vRealize Orchestrator from vRA and deploy / load balance two appliances instead. I have not done this here – I might cover it in future articles, but here I simply want to show how to install the vRA / IaaS part.



You can also see an Edge device – This environment has vCNS installed so I will use a vShield Edge as Load Balancer. The Agents and DEMs don’t require a Load Balancer – vRA will handle the failover automatically.







vra7_140

Here you can see I created three pools for
  • vRA Appliances (Active / Active)
  • IaaS Web (Active / Active)
  • Management Service (Active / Passive)

vra7_141

With the relevant virtual servers. Make sure DNS has been setup correctly for the virtual LB IPs
vra7_142

And of course make sure the LB is actually enabled
vra7_143

Browse to your first (primary) vRA appliance and login as root – the installation wizard should start automatically.
vra7_147

Accept the license agreement
vra7_148

The fun bit – select ‘Enterprise Deployment’
vra7_149

Click ‘Next’
vra7_150

Download and install the Automation Agent on every windows server.
vra7_151

Just go through the installation wizard ‘quickly’
vra7_131

vra7_132

vra7_133

Connect to the first vRA appliance and accept the SSL certificate thumbprint
vra7_134

Here I am using the domain admin, which isn’t best practise. But this is a lab, so I am happy to use it
vra7_135

Hit ‘Install’
vra7_136

And wait for the installation to finish
vra7_137

vra7_138

The Windows servers should now pop into the installation wizard.
Click ‘Next’
vra7_152

Add your second appliance.
vra7_153

In order to add the second appliance, you only need to do the following
  • Login
  • Cancel the installation wizard
  • Create a certificate – this can be self-signed as the wizard will replace it later
Example:
Screen Shot 2016-01-15 at 12.23.32

Accept the SSL certificate of the second appliance
vra7_162

Define the Server Roles
vra7_163

The Hosts aren’t necessarily in the correct order so make sure you look twice !
Here I have configured the following:
vra7_164

Tea-Time .. Click ‘Run’ to check the servers for prerequisites. Bear in mind, this will take .. a while.
vra7_165

If, like me, your Windows servers are plain servers, with no roles installed, the check will likely fail
vra7_167

You can check the details what exactly fail (if for example you configured the servers yourself previously)
vra7_168

Click ‘Fix’. This can take a long time. Depending on your environment etc.
vra7_170

Once everything is fixed, click ‘Run’ again to re-check
vra7_171

If all went well, and all is green, click ‘Next’
vra7_172

Here add the vRA Appliance LB address – remember my vShield Edge Virtual Servers ?
vra7_173

Configure your System Admin password
vra7_175

Once again, add here the Virtual Servers (VIPs) of your LB for both Web and Manager Service
Enter an Encryption Passphrase
vra7_176

Enter your SQL details. Now previously I mentioned that I used the domain admin for the Automation Agent installed.

As a result that user will also have full access on my SQL server and I therefore ok to use Windows Authentication.

If you used a service account, make sure it has the appropriate permissions on the sql server. See notes in the screenshot below.
vra7_177

Click ‘Validate’ and ensure the details are correct
vra7_179

Configure the credentials your IIS App Pools will run under. Again, this my dev environment, so I am using my trusted domain admin
vra7_181

Click ‘Validate’ and ensure your details are correct
vra7_183

Do the same for your Manager Services (Active / Passive)
Note: You cannot have two active Manager Services at the same time
vra7_184







Validate the credentials again.
Click ‘Validate’
vra7_186

Configure the DEMs.
vra7_187

Once more validate the credentials and settings. Ensure each DEM has a unique Instance Name
vra7_189

Make sure you remember the Endpoint name.
The Endpoint name (cAsE SenSItivE) will be used when configuring vRA Endpoints and it needs to match 100%.
vra7_190

Make sure both agent names / endpoints are configured on both servers identically
vra7_191

Validate your settings by clicking ‘Validate’
vra7_192

The next steps are to configure the certificates. For ‘production’ servers I have my own Windows CA.
Rather than creating a certificate for each server / role, I created a certificate with multiple Subject Names
Subject names include each appliance name, FQD, IP and also the Load Balancer Host Names, FQDNs and IPs.

If you intend to use SRM with re-IPing ensure your DR IPs are in the certificate as well.
vra7_139

You may also need to import the certificates to your vShield Edge / Load Balancer – especially if you want to offload SSL
Screen Shot 2016-01-15 at 12.51.56

Here now import the certificate.

If you follow my guide to create a certificate then the below certificates required are
  • rui.key
  • rui.pem
Click ‘Save Imported Certificate’
vra7_193

Once imported, click ‘Next’
vra7_194

Do the same for your web servers
vra7_195

vra7_197

And Manager Service
vra7_198

vra7_199

Unfortunately the FQDNs are too long to fit, but here follow the instructions and ensure that only the active / primary hosts are in your Load Balancer Pool
vra7_200

One final validation
vra7_201

This might take a while
vra7_202

But should succeed eventually.
Click ‘Next’
vra7_203

DO IT !!! Either create snapshots or backups – something …
vra7_204

If your backups / snapshots take a long time and the wizard times out (it did for me), login to your first vRA Appliance
vcac-vami installation-wizard activate
This will restart the wizard once you login to your vRA Appliance again. The wizard will start at the same point, so don’t worry.
It might start at the previous step but all you need to do is to get back to the Snapshot page and click ‘Next’
Click ‘Install’
vra7_205 

I was watching progress bars for about 3hrs (well, it took 3hrs anyway)
vra7_206 

vra7_207 

You can also follow the installation of each component. Here you will also find errors .. if there are any
vra7_208 

As I said – it took three hours but finished eventually 
vra7_209 

Enter a license key
vra7_210 

Click ‘Next’
vra7_211 

Enter a (secure) Admin password and click ‘Create Initial Content’
vra7_212 

And watch more progress bars
vra7_213 

Done
vra7_214 

Now it is time to re-add your hosts into the Load Balancer pools.
Note about the Manager Service : It really depends how your LB works.







As the Manager Service needs to be Active / Passive, either ensure it won’t fail over automatically (secondary is likely installed as manual service), or simply don’t add the second manager server until needed (i.e. you need to fail over). If you do add the secondary, below instructions explain what page you need to monitor
vra7_215 

Now you should be able to browse to your vRA environment using the VIP / FQDN.
vra7_216 

Once logged in, you can for example check the DEMs, ensuring they are all online etc.
vra7_217

That is it for the installation.



    Post a Comment

     
    TECH SUPPORT © 2012-2016