vRealize Automation/Orchestrator (vRA/vRO) 8.1 and Cloud
vRealize Automation 8.1 & Cloud
The previous major release of vRealize Automation (vRA) 8.0 marked a complete overhaul of the product. vRA 8 majorly expanded on scalability, Cloud Management, Multi-Cloud Extensions, App delivery with DevOps and featured Kubernetes support. The new platform is even built on a container architecture. The product now had the same code base as VMware Cloud Automation Services (the SaaS version of vRA). The last version also said goodbye to the Windows server that we always needed for the .NET dependency. Another great addition was the cloud-agnostic blueprints that we could now create right from within the product. These cloud-agnostic blueprints allowed us to provision infrastructure and deploy applications on any of the supported private clouds, without rewriting blueprints for each of them.
Since vRA 8 was essentially a completely new product, it was also missing quite a lot of options that we had back in vRA 7.6. VMware has fixed/re-added some features that were lost during the transition to vRA 8. The newest release of vRA marks version 8.1. Most of the new enhancements can be placed in four main categories:
- General Enhancements
  - Connecting to VCF workload domains or private clouds has never been easier. vRA 8.1 features a new simple setup wizard to connect to whatever endpoint you wish.
  - Custom Resources
    - The newest version features the release of “Custom Resources”. Custom Resources can be built in Cloud Assembly right within the product. Custom Resources allow you to create an XaaS (anything as a service) item that can be used within a blueprint. You can define Create, Update and Destroy actions for the resource and they can also be configured with day-2 operations.
  - Custom Day 2 Actions
    - Just like you can create custom resources, you can now also create Custom Day 2 Actions. These are also created in Cloud Assembly. These custom day 2 actions can be used on custom resources, but also on any other private or public cloud resource that’s available in the Cloud Assembly blueprint design canvas.
  - Cloud Zone Resource Limits
    - You can now set limits for storage, memory and CPU when adding a cloud zone to a project.
  - Approval policies
    - Approval policies have also been re-introduced in vRA 8.1. They didn’t make it in the 8.0 release, but fortunately they are back again. With Approval policies you can dictate what blueprints, actions or deployment requests require an approval before being initiated. Approval policies can be put on blueprints, (custom) day-2 actions or lease policies.
  - Finally, VMware has fixed the multi-tenancy in vRA 8.1! It has been hinted at before at VMUGs and VMworlds, but we haven’t seen anything official until now. VMware has introduced something that looks quite a lot like the vCloud Director (vCD) multi-tenancy setup.
    - Provider Admins create Provider Organizations and Tenant Organizations.
    - Provider Admins create Projects (previously known as business groups) and Tenant users have access to Projects.
    - Once this is done, tenant users that have access to a project can Govern (policies and approvals), Build (content), Manage (deployments) and Access (Cloud Zones) within their tenant.
  - Auditor role
    - Also new is a role which can be described as a Read-Only role for users that need to see everything inside vRA, but should not be able to interact with it.
- Network Automation
  - Day-2 operations on networks and load balancers
    - Because Day-2 operations can now be used with ease, we can now also do day-2 operations on networks and load balancers. We can change the assigned VM NIC network, update VMs static/dynamic address range and roll back changes. We can also change load balancer properties and move load balancers between networks.
  - Security groups
    - NSX-V and NSX-T security groups are now first-class citizens in vRA 8.1. You can add them using the YAML blueprint or network profile, assign firewall rules, ingress and egress policies. Security groups can be assigned to each NIC.
  - IPAM SDK
    - A new toolkit for developers to create a package that enables integration with third-party IPAM providers within vRA. Available soon on code.vmware.com. This new toolkit should make it a lot easier to implement third-party IPAM tooling than before.
- Multi-Cloud Management
  - OVA as a content source
    - You can now import and expose OVA appliances as a content source in the vRealize Automation Service Broker Catalog. This includes Bitnami based prepackaged applications that are available now in the VMware Marketplace. This simplifies deployment of the most common applications that are already pre-packaged by Bitnami.
  - Improved vRealize Operations Integration
    - A tight integration between vRA and vROPS was already present in version 8. With this you could see estimated costs for a deployment and certain metrics right inside the vRA UI. With the new version of vRA the integration goes deeper and you can now see the Health Metrics and Health Badge to check the health of your application.
  - Ansible Tower support
    - Ansible Tower is once again activated with the new release of vRA. Ansible Tower was not supported during release 8.0. Only Ansible Open Source was supported. This meant that day-2 operations, RBAC and scheduling weren’t allowed to be controlled by Ansible. This has now been fixed.
  - Microsoft Active Directory Integration
    - Also new in this release is a deeper Windows Active Directory Integration. In previous releases we could use AD authentication to allow users to access vRA and pre-stage computer accounts into Organizational Units (OUs). What you couldn’t do before was point deployments to a specific OU based on what Project the user is assigned in Cloud Assembly.
    - Deleting deployments will also delete the previously created Computer Account in Active Directory.
    - If you are using vRA Cloud you should be aware that this functionality requires you to deploy a new On-Prem Extensibility Action appliance.
  - vRealize Automation Service Broker Policy Criteria
    - You can use low level policy criteria in the Service Broker policies to assign very specific actions to users to further enhance security.
- DevOps Capabilities
  - Support for vSphere 7.0 with Kubernetes is also realized in this release.
    - In vRA you can now also create a supervisor namespace on a supervisor cluster and assign said namespace to a project. Users within that project can use the kubectl tooling to deploy applications and VMs.
  - PowerShell Support for ABX Actions
    - ABX (Action Based Extensibility) actions are serverless functions to provide extensibility on the vRA platform. They provide an alternative to vRealize Orchestrator workflows using small and reusable scriptable actions. In the previous release you could only use Node.js or Python run-time environments, which relied on AWS. This meant you would have to get an active subscription with Amazon Web Services Lambda. Starting with this release the on-premises ABX appliance will now support running PowerShell (PS) natively as a serverless function!
    - I think this is a great addition to the extensibility framework in vRA to allow easier and powerful scripting opportunities for developers without the need for PowerShell hosts.
  - Code Stream Pipeline as Catalog Item
    - Previously you were able to add Blueprints, workflows, ABX actions and Marketplace templates to the catalog. Code Stream items are now also allowed! This means that you can use Custom Forms to create workflows for CI/CD infrastructure pipelines.
Other noteworthy enhancements include:
- Custom Forms enhancements. It’s now possible to Import/Export CSS style sheets.
- Storage-persistent disks. Ability to create disks that don’t get deleted when a deployment or virtual machine gets deleted. Only through the API at this time.
- Bulk Deployment requests; A user can select the number of deployments to create at request time.
vRealize Orchestrator 8.1
With the release of vRA 8.0 VMware decided to embed vRO right into the appliance. You could now use the fully capable vRO client directly from the vRealize Automation service console. VMware got rid of the old Java based legacy client and the vRO VAMI and blessed (right?) us with the new HTML 5 UI. Integration with Git (license dependent) was also among the many enhanced features last time around. This time, with version 8.1, it got even better. Let me start with the most epic addition to the product since the dawn of vRO:
Support for multiple scripting languages including PowerShell, Node.js and Python!!
This also means we don’t need to have extra PowerShell hosts to run our PowerShell scripts, and it will make it easier for us to create sophisticated workflows. The only thing that might be a bit of a downside with this is that you are required to have a license within vRA to be able to use this. Another thing that was bugging the community was the fact that the so-called Tree View was removed from the UI when we made the change to the HTML5 client. I can now announce that a Tree view variant is back. This means you can organize your workflows like you did in previous versions. It’s not the same, but it’s a start.
With the addition of Git in the last release VMware moved forward to a more uniform way of version control and code management. With this release it’s possible to sync workflows to different branches from a Git repository. Another nifty addition is that we can now visually see differences between versions in the workflow designer UI.
The last two features that were added are also very important. First, you can now debug your workflow at the element level. This means that you can debug a workflow at any element within the workflow. This will definitely help with the troubleshooting and development of workflows in vRO. Also, syslog support has been added. Not sure why this was never added before, but this is a good thing since you can now send your workflow debug messages to a syslog server.
vRealize Operations (vROPS) 8.1 and Cloud
Release 8.0 of vRealize Operations (vROPS) featured a lot of enhancements that helped us with new and enhanced capabilities for self-driving operations, planning and scaling hybrid cloud, HCI deployments and unifying multi-cloud monitoring. It featured a complete integration and performance, capacity, troubleshooting and compliance management system for VMware vSAN environments. It also featured support for multi-cloud monitoring with AWS and Azure with which we were now able to do monitoring, troubleshooting and analyze what-if scenarios together with the integration of VMware CloudHealth for actual cost and billing analysis. Extensive on-premises and HCI What-If scenarios were also added into this release to provide end-users easy to use capacity management scenarios.
The new Troubleshooting Workbench, which uses AI/ML technologies, provided us with a new dashboard to quickly find the root cause of any issue. Together with this VMware also launched the Service Discovery feature that can recognize (at the time) 41 services within the guest OS without the need to install an agent. This is all done by VMware Tools. With the Service Discovery you can even show the top processes inside an OS and, if you wish to, you can even run scripts directly inside the OS. All of this makes troubleshooting and finding the root cause relatively easy.
With the newest release of vROPS 8.1 & Cloud VMware extends their Self-Driving Ops, Simplified Troubleshooting, Intelligent Remediation and Efficient Capacity & Cost Management capabilities across private or public clouds in vROPS. It does this by providing an updated Public Cloud Migration assessment tooling, providing native support for VMware Cloud (VMC) on AWS, supporting Google Cloud Platform (GCP) (separate management pack) including cost integrations in CloudHealth and Microsoft Azure all from within vROPS.
It’s now possible to use VMC as an endpoint within vROPS. Once configured it will auto-discover new SDDCs and incorporate them for monitoring. Because VMC on AWS is now natively supported, VMware is also including several key dashboards for VMC specific use cases. You can now track key resources such as CPU, Memory, Disk and Network metrics right from within the vROPS UI. It’s also possible to track capacity trends and calculate forecasts with the Time Remaining, Capacity Remaining and Virtual Machines Remaining metrics so that customers are more aware of their cloud usage and can plan accordingly.
But wait, that’s not all. You can also check your expenses for the services you are using in VMC on AWS using bills from the VMware Cloud Service portal. Do you want to check your purchase history, outstanding expense trend or simply the organizational cost overview for a given organization? That’s also possible in the vROPS UI in this release; the previous release had this as a separate management pack.
Like I said earlier, VMware also made some enhancements to the Cloud Migration Assessment tooling. It’s now a lot simpler, but it’s also more powerful. You can now run What-If migration scenarios, adjust your discount % or change plans and save these scenarios for further analysis later on. In light of these new additions VMware also added the following Amazon AWS constructs to be monitored right from the vROPS interface:
- Elastic Beanstalk
- Direct Connect Gateway
- Target Group
- Transit Gateway
- Internet Gateway
- Elastic Network Interface (ENI)
- EKS Cluster
In light of the new vSphere 7 with Kubernetes release, the newest vROPS version is also fully supported with and aware of the new Kubernetes constructs within vSphere. vROPS 8.1 can auto-discover, classify and monitor all vSphere Kubernetes constructs such as Supervisor Clusters, Namespaces, PODs, Tanzu Kubernetes Clusters and even the applications in these constructs right from within the UI. This ensures that customers can use vSphere 7 with Kubernetes together with a powerful AI/ML analytics engine such as vROPS. With this integration obviously comes a set of new dashboards, views, alerts and reports that you can use to monitor the environments. These new dashboards provide a new unified dashboard which shows the complete inventory, topology view and KPIs for your vSphere with Kubernetes environment. Within this dashboard you can simply select a Kubernetes construct from your topology, and you will receive all configured key metrics and infrastructure related information for that given object.
Capacity planning for these new Kubernetes constructs works the same as capacity planning for Multi-Cloud, HCI or on-premises environments. You are given views that show the Time Remaining projections for CPU, Memory and disk space properties. You can also create machine classes to create views in which you can see how many VMs and PODs you can build before the environment fills up.
These new views also include reports on capacity, inventory and configuration for PODs, Supervisor Clusters, Tanzu Kubernetes Clusters and Namespaces. All of these reports will be readily available out-of-the-box once vROPS 8.1 is deployed.
The last important thing on the integration with vSphere and Kubernetes constructs is that vROPS 8.1 will also ship with a bunch of out-of-the-box alerts which can be used to monitor the environment.
vRealize Log Insight (vRLI) 8.1 and Cloud
The latest release of vRealize Log Insight featured a large jump in versions. The release before that was version 4.8. So what happened to version 5.x-7.x? Well VMware decided it was time to move the product versioning in line with the rest of the vRealize product suite, since it’s been releasing content in lockstep for a while anyway.
vRealize Log Insight version 8 featured a couple of essential enhancements, such as the ability to export an unlimited number of log records at a time (finally…), where this was previously only possible for up to 20,000 records. Auditing capabilities and improved Content Packs were also part of the update and the vRealize Log Insight Agent, an agent that pulls logs from applications or OSes that lack built-in syslog features, went open source.
In version 8.1 not many new enhancements have been made except for the fact that it supports vSphere 7.0 and has improved usability and reduced required administrative overhead. Another thing that is a little obvious is that it’s now possible to integrate vRealize Operations 8.1 Cloud with vRealize Log Insight 8.1 Cloud. I have heard that the free 25 OSI license has been removed. This would mean it is no longer “free” to use for the first couple of OSIs. The vRLI Cloud variant has a 30-day trial license for you to test it out though.
What these enhancements will mean in the real world remains to be seen. I will update this blog once more information is available. I hope vRLI 8.1 will provide an easier way of exporting large log record files. Providing an NFS export just seems cumbersome to me. Maybe provide them in a log-bundly fashion?
Once the release notes went live I double checked them and noticed the following couple of additional enhancements that are interesting:
- Variable retention by log type; This means that we can now assign retentions to particular log types. This will help us be more efficient with our storage.
- Expanded horizontal scale; It’s now possible to use a maximum of 18 nodes in a cluster.
- URL-based unauthenticated dashboard sharing; This is actually a nice one. This will allow us to share vRLI dashboards across the business without authentication.
With all of these new releases and product portfolios announced today, VMware is accelerating the adoption of modern applications in enterprise environments while transforming and rearchitecting vSphere. All of the VMware products across the board have gained native built-in support for Kubernetes constructs. What this essentially means is that all products, whether it be the vSphere suite, vRealize suite or the vSAN suite, can now help enterprises build, manage and operate modern application infrastructures with the help of our beloved vSphere tools.
vSphere 7 enables developers by letting them use Kubernetes APIs to deploy their workloads on common vSphere infrastructures and it enables VI-admins to manage that same infrastructure just like they always have. With VMware Tanzu Mission Control it’s also possible to manage multiple Kubernetes environments across clouds with ease, eliminating unnecessary cloud silo technology teams and integrating both worlds into one. Essentially this removes some, not all, of the problems we faced before regarding the management, deployment and lifecycle management of Kubernetes environments.
The new additions to the vSphere product suite are also very welcome in my opinion. I strongly believe that you guys, my customers and myself will benefit from the fact that several key elements have been enhanced such as vMotion and DRS. Next to this, vSphere 7 will streamline lifecycle management using a desired-state model and allow VI-admins to use this model by APIs to automate the entire lifecycle management process. Another welcome addition is the integration of the HCL and VCG right into the lifecycle management process to ensure that compatibility for drivers and vSphere patches match up.
** Please make note that the announced products haven’t been released yet and that features or certain enhancements could potentially be removed or changed before release.