vRealize Automation- Installing and Configuring IaaS Components

In our last post Installing and Configuring vRA appliance we learned what is vRealize automation appliance and how to deploy and configure it. In this post we will learn installing and configuring the 3rd component of vRA suite “IaaS”. As always before jumping into install/configure lets have a look on what is IaaS and what it offers.

Overview of IaaS

IaaS stands for Infrastructure as a Service and provides a self-service portals to administrators and end users with ability to provisioning or deploy virtual machines on virtual and physical servers and across private, public and hybrid cloud infrastructures.

vRA IaaS is made up of several components including:

IaaS Website
Distributed Execution Managers(DEM)
Agents
Model Manager
Manager Service
Database

If you want to learn about functionality of these components please read the earlier post vCAC Introduction of this series.

The following diagram shows the relation of the different components of vRA:

Installation Pre-requisites:

Windows Server 2008 R2 SP1 / Windows Server 2012 R2
Microsoft .NET Framework 4.5.1
PowerShell version 2.0 or 3.0
Microsoft IIS 7.5
DNS forward/reverse query working fine.
Java 1.7 (64-bit) installed and JAVA_HOME set correctly. 32-bit version of Java is not supported.
vRA service account: In my home lab I am using svcvcac. This service account must be added to local administrator group of server where IaaS will be installed.
SQL Server 2008 Installed with no database. (vRA installer will create and configure database itself during installation)
Hardware: 2 vCPU/4-8GB RAM/ 30GB Disk

Note: I am using vRA 6.2.0 and initially installed Java 1.8 but my installation was failing. During troubleshooting I came to find out Java 1.8 is causing problem and I have to downgrade it to 1.7. You can check java compatibility with the version of vRA you are using in your environment.

If you have missed earlier posts of this series then I would recommend reading them first before going ahead. You can access the earlier posts from below links:

1: Introduction to vCAC(vRA)

2: Installing and Configuring vRA Identity Appliance

3: Installing and Configuring vRA Appliance

Lets jump into installation and configuration now.

Install IIS Role

Login to your server from console or RDP where you want to install IaaS components using the dedicated service account. I am using Server 2008 R2 datacenter in my lab for this purpose.

1: Launch Server manager and click on Add Roles

2: Check mark the box saying skip this page by default and hit next

3: Select Application Server and Web Server (IIS) role.

A new window will pop-up. Click on Add Required Features button.

4: Hit next on IIS overview page.

5: For Application Server Role Services select the following features:

Depending upon your selection a couple of window will pop-up. Click on Add Required Role Services

6: On Server Authentication Certificate select “Create a self-signed certificate” and hit next.

7: For IIS Roles and Services select the following features

8: On confirmation page, review your options and hit Install.

Installation will take some time. Sit and relax and grab a cup of coffee for yourself.

9: Hit close when Installation succeeded page is displayed.

Now we will configure the system first before installing vRA IaaS.

Configure MS DTC

Configure MS Distributed Transaction Coordinator (DTC) to allow DTC communications to/from your DB server

10: Go to Start > Administrative Tools > Component Services

Expand Component Services -> Computers -> My Computer -> Distributed Transaction

Select Allow Remote Clients and Allow Remote Administration and hit Apply and OK.

A dialog box will appear stating that MSDTC services will be restarted. Click on yes

Click OK on service restart confirmation dialog box.

Configure Security Policy

11: Go to Start > Administrative Tools > Local Security Policy

Expand Local Policies and select User Rights Assignments. From Right pane of window select “Logon As a Batch” and “Logon as a Service” and open their properties.

Click on Add User or Group button to add the dedicated service account for vRA. In my case I am using account name”svcvcac”

Hit Apply OK once you have added your service account. Ignore the below warning and click ok on it.

12: Go to Run and type services.msc and select “Secondary Logon” service and open the properties.

Set startup type to automatic and start the service.

Configure IIS

13: Go To Start > Administrative Tools > Configure IIS Manager

It will launch the following page. Expand Sites and Select Default Webb Site and Click on Authentication from right side pane.

Disable the Anonymous Authentication

Enable Windows authentication

Once Windows Authentication is enabled you will see extra options in extreme right upper corner. Click on Advance Settings.

Make sure Extended Protection is set to off and Enable Kernel-mode authentication is selected. Hit OK.

Now click on Providers option and verify Negotiate and NTLM are present under Enabled Providers.

Register .NET 4.5 with IIS

Once we have completed all the configurations, we need to register .NET 4.5 with the IIS service to ensure vCAC’s web services are using the appropriate version

From the “Start” menu, right-click “Command Prompt” and select “Run as administrator”

Navigate to C:WindowsMicrosoft.NetFramework64v4.0.30319

Type “aspnet_regiis.exe -i” and hit enter

Install vRA IaaS

Now system configuration is completed. It is good idea to reboot server this time before proceeding with IaaS install.

From IaaS server launch web browser and enter https://vRA FQDN:5480 and go to IaaS Install tab.

You can download IaaS installer from here.

Also if you are upgrading from vCAC 5.2 to vRA 6.2 you can download the Migration Tool.

If you are planning to use external MSSQL database for IaaS then you can download the database installation scripts and can run on server where SQL is installed to configure database for IaaS.

14: Launch the IaaS Installer file to start with Installation. Hit Next

15: Accept the license agreement and hit next.

16: Supply the vRA appliance username and password and check mark Accept Certificate.

17: If you want a distributed installation and looking to configure components on different servers you select Custom Install to choose which component will be installed on this server. In my lab I am installing everything on single server.

17: On next page installer will run tests. Dont proceed if anything comes in red. Fix those issues before proceeding.

Note: You can ignore Database warning if you are planning to use external database server for IaaS.

I had some issues in my IIS settings so I fixed those and hit Check Again. Fortunately this time everything came green for me.

I can bet you, for vRA deployment green will become your favorite color 🙂

18: On Server And Account Settings page provide the password and passphrase. Also if you your MSSQL database is installed on same server where you are installing IaaS, make sure you have selected Use Windows Authentication button.

19: Optionally provide a name for vSphere Agent Name. I have given vCenter. You are free to use your own name.

20: In Component Registry page configure the following:

Server: <fqdn of vRA server>

SSO Default Tenant: vsphere.local (clicking “Load” will auto fill this)

Certificate: click on “Download” to download the self-signed certificate from vCAC

Click “Accept Certificate”

SSO Admin Credentials:
• Username: administrator@vsphere.local
• Password: (admin password created during SSO initialization)

IaaS Server: <local server FQDN>

Click “Test” where applicable to. Review the configuration and Click “Next” to continue…

21: On ready to Install page review your settings and hit Install.

Now sit back and relax. It will take some good 15-20 minutes to get IaaS installed and configured. During the process you will see following screens:

Hit next once you get Installation Completed message.

22: You can check mark the Guide me through the initial system configuration if you jump into configuring the IaaS immediately. Hit finish to complete the installation process.