Introduction to vRealize Automation

Hey Habr! Today we will talk about vRealize Automation. The article is primarily aimed at users who have not previously encountered this solution, so under the cut we will introduce you to its functions and share usage scenarios.

vRealize Automation enables customers to increase agility, productivity, and efficiency by simplifying their IT environment, streamlining IT processes, and providing a DevOps-ready automation platform.

Even though the new version 8 of vRealize Automation was officially released back in the fall of 2019, there is still little up-to-date information about this solution and its updated functionality in Runet. Let's fix this injustice.

What is vRealize Automation

It is a software product within the VMware ecosystem. It allows you to automate some aspects of managing your infrastructure and applications. 

In fact, vRealize Automation is a portal through which administrators, developers, and business users can request IT services and manage cloud and on-premises resources in accordance with the required policies.

vRealize Automation is available as a cloud-based SaaS service or can be installed on a customer's private cloud.

The most common scenario for local projects is a complex installation on a VMware stack: vSphere, ESXi hosts, vCenter Server, vRealize Operations, etc.

For example, your business needs flexibility and speed when creating virtual machines. It is not always rational to assign addresses, switch networks, install the OS and do other routine things manually. vRealize Automation lets you create and publish blueprints for machine deployments. These can be simple schemes or complex ones that include a stack of user applications. Ready-made published schemes are placed in the service catalog.

vRealize Automation Portals

Once vRealize Automation is installed, a management console becomes available to the primary administrator. In it, you can create a large number of cloud service portals for different categories of users. For example, one for administrators, a second for network engineers, and a third for managers. Each portal can have its own blueprints (schemes). Each user group can access only the services approved for it.

Blueprints are described using easy-to-read YAML scripts and support versioning and Git process tracking.

You can read more about the internals and capabilities of vRealize Automation in the blog series here.

vRealize Automation 8: What's New

16 Key vRealize Automation 8 Services in One Screenshot

For detailed release notes, see the VMware page; here we present the most interesting features of the new version:

  • vRealize Automation 8 has been completely rewritten and built around a microservice architecture.

  • To install, you must have both VMware Identity Manager and LifeCycle Manager in your infrastructure. You can use Easy Install, which installs and configures the components one by one.

  • vRealize Automation 8 does not require the installation of additional IaaS servers based on MS Windows Server, as was the case in versions 7.x.

  • vRealize Automation is installed on Photon OS 3.0. All key services run as K8S Pods. Containers inside pods are powered by Docker.

  • PostgreSQL is the only DBMS supported. Pods use Persistent Volume to store data. A separate database is allocated for key services.

Let's walk through the components of vRealize Automation 8.

Cloud Assembly is used to deploy VMs, applications and other services to various public clouds and vCenter Servers. It works on the basis of Infrastructure as Code and allows you to optimize infrastructure provisioning in accordance with the principles of DevOps.

Various out-of-the-box integrations are also available.

In this service, "users" create templates in YAML format and in the form of a component diagram.

You can link your My VMware account to use the Marketplace and pre-provisioned services.

Administrators can use vRealize Orchestrator Workflows to communicate with additional infrastructure objects (such as MS AD/DNS, etc.).

You can link vRA with VMware Enterprise PKS to deploy K8S clusters.

In the Deployments section, we see already installed resources.

Code Stream is a release automation and continuous delivery solution that ensures stable and regular release of applications and software code. A huge number of integrations are available: Jenkins, Bamboo, Git, Docker, Jira, etc.

Service Broker is a service that provides a catalog for enterprise users.

In Service Broker, administrators can configure approval policies for specific settings. 

vRealize Automation Use Cases

All in one

There are now many different virtualization solutions in the world: VMware, Hyper-V, KVM. Businesses often resort to using global clouds such as Azure, AWS, and Google Cloud. Managing this "zoo" gets more difficult every year. To some, this problem may seem far-fetched: why not use only one solution within the company? The fact is that for some tasks an inexpensive KVM really can suffice, while more serious projects will need all the functionality of VMware. It is sometimes impossible to choose just one, at least for economic reasons.

Along with the increase in the number of solutions used, the volume of tasks also grows. For example, you may need to automate software delivery, configuration management, and application deployment. Before vRealize Automation, there was no single tool that could absorb the management of all these platforms in a single window.

Whatever stack of solutions and platforms you use, it is possible to manage them through a single portal.

We automate typical processes

Within vRealize Automation, a scenario like the following is possible:

  • An application administrator needs to deploy an additional VM. With vRealize Automation, he does not have to do anything manually or negotiate with the appropriate experts. It is enough to click on the conditional button "I want VM and faster", and the request moves on.

  • The request is received by the system administrator, who examines it, checks whether there are enough free resources, and approves it.

  • Next in line is the manager, whose task is to assess whether the company is ready to allocate funds for the project. If everything is in order, he also clicks Approve.

We deliberately chose the simplest possible process and reduced the number of its links in order to highlight the main idea:

vRealize Automation, in addition to IT processes, affects the business process plane. Each specialist "closes" his part of the task in pipeline mode.

The problem given in this example can be solved using other systems, for example ServiceNow or Jira. But vRealize Automation is "closer" to the infrastructure, so more complex cases than deploying a virtual machine are possible. You can, "in one button mode", automatically check the availability of storage space and, if necessary, create new LUNs. Technically, it is even possible to build a non-standard solution and script requests to the cloud provider.

DevOps and CI/CD

In addition to collecting all sites and clouds in one window, vRealize Automation allows you to manage all available environments in accordance with the principles of DevOps. Service developers can develop and release applications without being tied to any particular platform.

As you can see in the diagram, above the platform level is Developer Ready Infrastructure, which implements the functions of integration and delivery, as well as managing various scenarios for the deployment of IT systems, regardless of the platform used at the level below.

Consumption, or the level of the consumer of services, is an environment for the interaction of users / administrators with end IT systems:

  • Content Development allows you to build interaction with the Dev level, manage changes and versioning, and access the repository.

  • Service Catalog allows you to deliver services to end users: roll back or publish new ones and receive feedback.

  • Projects allows you to establish internal IT decision-making processes in which each change or delegation of rights goes through an approval process, which is important for enterprise companies.

Some practice

The theory and use cases are over. Let's see how vRA allows you to solve typical tasks.

Automation of virtual machine provisioning process

  1. Ordering a virtual machine from the vRA portal.

  2. Approval by the person responsible for the infrastructure and/or manager.

  3. Selecting the correct cluster/host network.

  4. Request an IP address in IPAM (i.e. Infoblox), get network configuration.

  5. Create an Active Directory account/DNS entry.

  6. Deploy machines.

  7. Sending an e-mail notification to the customer when it is ready.

Single blueprint for Linux-based VM

  1. One item in the catalog with the ability to select the data center, role and environment (dev, test, prod).

  2. Depending on the set of options above, the correct vCenter, networks and storage systems are selected.

  3. IP addresses are reserved and registered in DNS. If the VM is deployed to the prod environment, it is added to the backup job.

  4. Deploy machines.

  5. Integration with different Configuration Management systems (for example, Ansible -> launching the correct playbook).
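
The single-blueprint scenario above could be described in Cloud Assembly YAML along the following lines. This is an added example, not taken from the original article: the input values and the image, flavor and tag names are assumptions, and the IPAM, DNS, backup and Ansible steps are assumed to be handled by integrations configured outside the blueprint.

```yaml
# Added illustration, not from the article. Image, flavor and tag names
# are assumptions and must match the image/flavor mappings and capability
# tags defined in your own Cloud Assembly environment.
formatVersion: 1
inputs:
  # Enumerated inputs limit the requester to the approved choices.
  datacenter:
    type: string
    title: Data center
    enum: [dc1, dc2]
  role:
    type: string
    title: Role
    enum: [web, db]
  environment:
    type: string
    title: Environment
    enum: [dev, test, prod]
    default: dev
resources:
  Linux_VM:
    type: Cloud.Machine
    properties:
      image: linux-base   # assumed image mapping name
      flavor: small       # assumed flavor mapping name
      # Placement: only cloud zones carrying both capability tags are
      # eligible, which is what selects the vCenter and storage.
      constraints:
        - tag: 'dc:${input.datacenter}'
        - tag: 'env:${input.environment}'
      # Machine tags that a backup job or playbook selection could key
      # on (hypothetical tag names, e.g. act only when env is prod).
      tags:
        - key: role
          value: '${input.role}'
        - key: env
          value: '${input.environment}'
      networks:
        - network: '${resource.VM_Network.id}'
  VM_Network:
    type: Cloud.Network
    properties:
      networkType: existing
      # Pick an existing network profile tagged for the environment.
      constraints:
        - tag: 'env:${input.environment}'
```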

Internal administration portal in a single catalog through various APIs of third-party products

  • Create/delete and manage user accounts in AD according to company naming rules:

    • If a user account is created, an email with login information is sent to the head of the unit/department. Based on the selected department and position, the user is assigned the necessary rights (RBAC).

    • Service account login information is sent directly to the user requesting to create one.

  • Backup service management.

  • Manage SDN firewall rules, security groups, IPsec tunnels, etc.; changes are applied upon confirmation from the persons responsible for the service.

Conclusion

vRA is a purely business product, flexible and easily scalable. It is constantly evolving, has fairly strong support and reflects modern "trends". For example, it is one of the first products to switch to a container-based microservice architecture.

With it, you can implement almost any automation scenario within hybrid clouds. In fact, everything that has an API is supported in one form or another. In addition, it is a great tool for providing services to end users in parallel with their delivery and DevOps development, which rely on the IT department dealing with security issues and management of the platform itself.

Another plus of vRealize Automation is that it is a solution from VMware. It will suit most customers, as they already use this company's products. You won't have to rebuild anything.

Of course, we do not claim to provide a detailed description of the solution. In future articles, we'll expand on some of the specific features of vRealize Automation and answer your questions if you leave them in the comments.

If you are interested in the solution and scenarios for its use, we will be glad to see you at our webinar about automating IT processes with vRealize Automation.

Source: habr.com
