vRealize Automation: Deploying and Configuring Identity Appliance

Setting up a vCAC (vRA) environment consists of 3 things:

1: Deploying and Configuring Identity Appliance

2: Deploying and configuring vRA Appliance (vCAC Server)

3: Deploying and Configuring IaaS Components

If you have missed the earlier posts of this series, I recommend reading them first before going ahead. You can access the earlier posts from the links below:

1: Introduction to vCAC (vRA)

In this post we will focus on installing and configuring the Identity Appliance.

What is Identity Appliance?

The VMware Identity Appliance is a virtual appliance for vCloud Automation Center (vCAC) that provides vCAC with single sign-on (SSO) authentication capabilities.

The Identity Appliance is available in the form of an ovf template which can be deployed on top of vSphere. Depending on the infrastructure design, you can deploy a single instance of the Identity Appliance or multiple instances (for HA purposes).

Note: Identity Appliance is not a mandatory requirement if you are running vSphere v5.5 Update 1 or above in your environment. You can leverage the existing SSO functionality that is installed along with vCenter 5.5.

Hardware requirements

The minimum hardware required to run an Identity Appliance is listed below:

1 vCPU
2 GB RAM
2 GB HDD

Port requirements

The port requirements are summarized below:

Incoming ports:

[Image: table of incoming ports]

Outgoing ports:

[Image: table of outgoing ports]

User accounts and privileges information can be found here.

Let's jump into the installation now. In my home lab I have deployed the Identity Appliance in VMware Workstation. In production environments it is generally deployed on top of vSphere.

Go to the Home tab of VMware Workstation, click the “Open a Virtual Machine” option and navigate to the path where your Identity Appliance ovf file was downloaded.

Accept the license agreement.

The ovf deployment will start after accepting the license agreement.

Once the ovf is deployed and the virtual machine has finished booting, you will get the screen below. You can jump directly into configuring the identity appliance by opening the URL https://Identity-app-IP:5480

In my lab, the identity appliance got the wrong IP because the NIC setting was pointing to bridge. I am using the NAT setting in my lab.

To correct or modify the network settings, log in to the VM from the console and run the following command as root: /opt/vmware/share/vami/vami_config_net

This command presents a menu where you can choose options to change the desired network settings.

Once the network settings have been changed, reboot the appliance for the changes to take effect.

Configuring the Identity Appliance

1. Log in to https://vcac-id-app-ip:5480

2. Ignore the untrusted certificate warning.

3. Enter root as the username, and the password you defined during the OVA deployment.

4. Click on the Network tab, and confirm that your Hostname, Default Gateway, IP Address and DNS Server settings are correct.

5. Click on the SSO tab.

6. Enter and then re-enter a password to be used by the administrator@vsphere.local account and click the Apply button.

Note: SSO initialization takes some time (2-3 minutes). Don't interrupt the process before it has completed.

Once SSO is initialized, you will see “SSO is initialized” in green under “SSO Configuration” and also “SSO Status: RUNNING” below the password fields.

7. Click on the Host Settings tab.

8. In the SSO Host Name field, enter the FQDN of your identity appliance and click Apply.

Note: Don’t append :7444 to the end of the FQDN. I have seen some blogs which tell you to append 7444, but if you do this you will not be able to add SSO. I struggled with this for almost half an hour and then found in the official vCAC documentation not to use :7444.

When in doubt, please refer to this link.

9. Click on the SSL tab.

Note: In this post we will be using self-signed certificates. If you want to use CA-signed certificates, please refer to this blog.

10. Change the “Choose Option” drop down to “Generate Self Signed Certificate”.

11. Enter the FQDN of your vCAC Identity Appliance in the Common Name field.

12. Enter an Organization value in the Organization field.

13. Enter an Organization Unit value in the Organization Unit field.

14. Enter a two digit Country Code in the Country Code field.

15. Click the Apply settings button.

You should now see “SSL Certificate is Replaced Successfully” in green under “Replace SSL Certificate”.

16. Click on the Active Directory tab.

17. Enter a Domain Name, Domain User and Password, then click on Join AD Domain.

With this, the initial configuration of the Identity Appliance is complete. You will be able to log in to the Identity Appliance using your domain credentials.

In the next post of this series we will look into:
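The self-signed certificate generated on the SSL tab is what triggers the untrusted certificate warning on port 5480. The following added example (not part of the original post) checks from an admin workstation that the certificate carries the expected Common Name and records its SHA-256 fingerprint so later connections can be compared against it. The host name `vcac-id.lab.example` and all function names are assumptions, and the sample certificate is generated locally with `openssl` as a constructed stand-in for the appliance's.

```shell
# Added example, not from the original post. Host names are constructed lab values.

# fetch_cert HOST [PORT]: print the PEM certificate a live appliance presents.
fetch_cert() {
    openssl s_client -connect "$1:${2:-5480}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# cert_cn FILE: subject Common Name, lower-cased (assumes no commas in the CN).
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' |
        head -n 1 | tr 'A-Z' 'a-z'
}

# cert_fp FILE: SHA-256 fingerprint as colon-separated upper-case hex.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# check_cert FILE FQDN [PINNED_FP]: print the fingerprint if the CN matches FQDN
# and, when a pinned fingerprint is supplied, the certificate is unchanged.
check_cert() {
    cn=$(cert_cn "$1")
    fp=$(cert_fp "$1")
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ "$cn" = "$want" ] || { echo "CN mismatch: '$cn' != '$want'" >&2; return 1; }
    if [ -n "${3:-}" ] && [ "$fp" != "$3" ]; then
        echo "fingerprint differs from pinned value: $fp" >&2
        return 2
    fi
    printf '%s\n' "$fp"
}

# make_sample_cert FQDN FILE: constructed stand-in for the appliance certificate,
# using the same fields the SSL tab asks for (CN, Organization, OU, Country).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/C=IN/O=Example Lab/OU=IT/CN=$1" \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

# Offline demo on the constructed certificate; against a real appliance use
#   fetch_cert vcac-id.lab.example > appliance.pem
demo_dir=$(mktemp -d)
make_sample_cert vcac-id.lab.example "$demo_dir/appliance.pem"
check_cert "$demo_dir/appliance.pem" vcac-id.lab.example
rm -rf "$demo_dir"
```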

Installing and Configuring vRealize Automation Appliance

Installing and Configuring IaaS Components

Tenant Configuration

Creating and Configuring vSphere Endpoints

Creating and Configuring Fabric Groups

Creating Business Groups and Reservations

Creating and Publishing Blueprints

Creating a Service

Creating Entitlements

Deploying a new VM from Self-Service Portal
