vRA 7.4 Distributed Install: Part 2-Lab Setup

In last post of this series, I talked about high level overview of vRA distributed installation. In this post I will be discussing about my lab setup.

Management Cluster

In my management cluster I have vSphere 6.5 installed and vCenter is deployed with embedded psc. I have total of 5 hosts in my management cluster.


Host Details:


VM/Appliance Details:

  • 2x vRealize Automation 7.4 Appliances
  • 2x Windows Servers for IaaS Web
  • 2x Windows Servers for the Management Service (Active / Passive)
  • 2x Windows Servers for the DEMs/Agents


Windows Template Specifications

I deployed each of the windows vm using a template which was configured as per below:

1: Static IP set and windows domain joined. 

2: JRE 1.8 installed (you don’t need the full JDK).

3: vRA service account created and added to local administrator group. 

4: vRA service account granted Log on as service rights.

Path: Administrative Tools → Local Security Policy → Expand ‘Local Policy’ → Click on ‘User Rights Assignment’ → Right-click ‘Log on as a service’ → Properties → Click on the ‘Add User or Group’

5: MSTDC configured as shown below

Path: Start → Administrative Tools → Component Services → Computers → My Computer → Distributed Transaction Coordinator → Local DTC → Right Click → Properties → Security


Note: Few articles/video which I followed, recommends to use “No Authentication Required” option selected, but in my case vRA prerequisite check was failing because of this and setup recommended to use “Mutual Authentication“option.

6: Disabled User Access Control: Use below command to disable UAC via Powershell

New-ItemProperty -Path HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system -Name EnableLUA -PropertyType DWord -Value 0 -Force

7: Firewall diabled for domain/local access.

Load Balancer Configuration

  • I am using NSX Edge Gateway Services for load balancing in my lab. I deployed NSX 6.4 in my lab and performed all NSX related configuration. You can follow this post of mine to see the steps needed.
  • I am using One-armed LB configuration and attached my distributed portgroup named “Production” as uplink to the ESG. This is the portgroup on which all my vRA VM’s sit.
  • Added 3 IP’s on the uplink interface (one primary and 2 secondary ip) which will be used during VIP configuration. I will walk through the load balancer steps in next post of this series. 

Database installation for IaaS Server

IaaS server needs supported version of MSSQL database installed in a separate windows vm. You can follow the instructions documented in this article for MSSQL installation.

Note: The IaaS service account should have dbo permission on the IaaS database.

DNS Records

Created A records for all my vRA VM’s and verified forward/reverse lookup is working fine. Also created 3 CNAME records and each record points to first member of Iaas-Web, Iaas-Manager and vRA appliances. 


NTP Details

NTP is very crucial in vRA distributed setup and so it’s very important to use a common time source for all vRA components. In my lab I have configured my Domain Controller vm as NTP source. I wrote an article in past on this topic. 

All domain joined windows VMs for IaaS will use sync their time from my Domain Controller.

Important Note: During vRA appliances deployment, there is no option to use NTP during deployment wizard. Before powering on the vRA appliances, make sure to configure them to sync their time from your Esxi hosts.

Note: Ensure that all ESXi hosts have a common time source.

SSL Certificates

I am not using any signed certificates in my lab. Each appliance/vm’s have their own self-signed certs. For info on using signed certificates, please see this article from VMware.

Additional Recommendations

For the medium deployment, its fine to use integrated vRO with vRA. But depending on the size and requirements of your environment, you may also need to split the vRO from vRA and configure them to use load balancer. In my lab I am going with integrated vRO configuration.

The Agents and DEMs don’t require a Load Balancer – vRA will handle the failover automatically.

And that’s it for this post. 

In next post of this series I will walk through the NSX load balancer configuration.

I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing :)