Enterprises planning a diverse software-defined datacentre strategy – in which all compute parts and network and storage infrastructure are virtualised – need a tool to manage, automate and orchestrate their software-defined infrastructure. That is where VMware vCloud Automation Center (vCAC) and vCenter Orchestrator (vCO) come in.
VMware vCAC is a software product for unifying cloud management. Enterprise IT can use it to provide and configure storage, network and compute resources across multiple platforms. It also enables administrators to automate application delivery and manage multi-cloud infrastructures.
The virtualisation and cloud provider released version 6.0 of vCAC in December 2013. It can be used to provision an IaaS (infrastructure as a service) self-service portal, in which the underlying compute resources can reside on VMware infrastructure or on a wide variety of other virtualisation or cloud systems, such as AWS, OpenStack, Microsoft Hyper-V, or VMware vCloud Hybrid Service (vCHS).
Deploying vCAC on VMware vSphere
This first requires IT to deploy two virtual appliances – an Identity Appliance for authentication and the vCAC appliance itself. However, if the enterprise infrastructure is on vCenter 5.50b or higher, IT can skip deploying the identity appliance and instead use the single-sign-on (SSO) service. The second step is to install the IaaS components on a Windows computer.
But before going ahead with the deployment, IT must make sure the infrastructure meets its hardware requirements.
How an Israeli enterprise installs vCAC to create a foundation for DevOps
When enterprises implement vCAC along with the less popular tool vCenter Orchestrator (which is included in the cost of almost any vSphere licence), they can use the vCAC self-service portal not only for IaaS deployment, but also for running custom workflows provided by vCAC that can be utilised for various tasks, such as creating users in Active Directory or similar directory services, uploading files to machines, or triggering anything that can be packaged as a vCO workflow. This capability is called XaaS –Anything as a Service.
This combined functionality makes vCAC a very interesting tool for service providers as well as for internal IT departments that want to harness the power of cloud computing to transform their existing offerings to real cloud services for consumers.
One such customer is a multinational corporation based in Tel Aviv, Israel, for which the authors recently provided consulting services. The Israeli organisation strives to create a self-service portal for internal customers by combining vCAC, vCO and the rest of VMware’s vCloud suite. It plans to add VMware’s network virtualisation platform NSX in the future.
This internal cloud project will replace systems such as VMware Lab Manager and VMware’s vCloud Director, as well as provide new functionality not previously offered by these platforms. In the meantime, vCAC will act as a front-end for an existing vCloud Director implementation.
The goal is to offer end-users a simple dashboard UI through which they can request complex environments comprising multiple virtual machines, and perform self-service actions on these environments, such as restarting VMs or taking snapshots.
As the company operates datacentres in different continents, the move will enable users to create VMs in any of its datacentres, irrespective of the region or network settings. Together with other automation tools such as vCenter Orchestrator, the system will form the basis of a DevOps implementation.
The vCAC appliance needs a minimum of two vCPUs, 8GB and 10GB of storage, but for maximum efficiency, administrators can double these requirements. The IaaS components have the same requirements and must be installed on Windows.
Steps to deploying and configuring a vCAC identity appliance
- Open the vSphere Client and choose File > Deploy OVF Template.
- Click on the Browse button in the source window and choose your identity appliance. Select Open and Next.
- Check the values on the OVF Template Details page and click Next.
- Confirm the End User Licence Agreement.
- Choose a name and a location for your virtual appliance.
- Within the Host/Cluster dialog, select the cluster where the appliance should be deployed.
- On the next screen, choose a resource pool.
- The Disk Format has to be specified too. Choose between Thick Provisioned Lazy Zeroed, Thick Provisioned Eager Zeroed and Thin Provisioned.
- Within the next dialog, the network needs to be configured. Choose the network to which you want the appliance to be connected.
- A Property dialog box asks for this input: a password for the virtual appliance, a hostname, the DNS settings, the IP address and a subnet mask.
- The last screen concludes the deployment assistant. Activate the Power On After Deployment checkbox and click the Finish button.
Once deployment of the appliance is completed, here is how administrators can configure the appliance (for the initial configuration, they should the use the self-signed certificates):
- Open a web browser and navigate to the identity appliance using the network settings specified during deployment. Use the URL in the following format: https://<identity-hostname.domain.name>:5480
- Accept any security warnings for the web page.
- Log in with root and password.
- First, configure the time settings. Navigate to the System tab and click Time Zone. Select the time zone for your appliance (see Figure 0-1).
- Change to the SSO tab. SSO is not configured yet (see Figure 0-2).
- First, the System Domain name is required. The value vsphere.local should be kept. A password must also be set. The username will be firstname.lastname@example.org. Click Apply to continue. It can take a couple of minutes to complete the configuration.
- Next, change to the Host Settings tab. The hostname textbox should show the fully-qualified domain name, together with the port number (:7444).
- Apply and move to the SSL page.
- To create an SSL certificate for proof-of-concept purposes, choose Generate Self-Signed Certificate from the Choose action menu and enter the required information. Finally, press Replace Certificate.
- After creating an SSL certificate, vCAC must be configured for connection with Active Directory. Move to the Active Directory page, provide the required values and click Join AD Domain (see Figure 0-3).
- Lastly, configure the time synchronisation (Admin > Time Settings). Depending on your system environment, choose a Time Server or Host Time.
Deploying and configuring the vCAC appliance
The basic deployment of the vCAC appliance is the same as for the identity appliance. Here is how administrators can configure the vCAC appliance:
- Open a browser and go the address https://<vcac-appliance.domain.name>:5480. Use root for the username.
- Next, go to the Time Zone page and configure the time settings.
- On the Host Settings page, the FQDN of the host must be configured within the CAFE Host Settings.
- Next, create an SSL certificate for the vCAC appliance. This can be done on the SSL page.
- Then the vCAC appliance must be connected to the identity appliance. Move to the SSO page and provide the corresponding values for the identity appliance. Remember that the username was email@example.com, the SSO default tenant was vsphere.local, and the identity appliance was accessible with port 7444.
- Finally, move to Licensing and provide a licence key for the vCAC appliance.
Installing the IaaS components
The IaaS components must be installed on a Windows machine that meets these requirements: Windows Server 2008 R2 SP1 or Windows 2012 SP1; SQL Server 2008 R2 SP1 or SQL Server 2012 SP1; PowerShell 2.0 or higher; .NET 4.5.0; and IIS 2008 R2 7.5 or IIS 2012 SP1.
Further configuration of the Windows services is needed. Fortunately, there is a PowerShell script that automates the installation of these prerequisites. After activating the script (see Figure 0-4), the IaaS installation can be started.
Installing the vCAC components
- Open the vCAC appliance page.
- Click on the link Download the setup.exe
- Run the downloaded setup file with administrator privileges.
- On the page Welcome to the vCloud Automation Center, accept the End-User Licence Agreement.
- Provide the vCAC appliance credentials on the Log In page.
- Choose Complete Install for the installation type and continue.
- On the following page, the prerequisite checker is run. If there is any open issue, fix it and press Next. (see Figure below):
- The next dialog asks for the server and account settings (see Figure 0-5).
- Keep the current user name as it appears in the text box.
- Provide the password for the username.
- Type in a passphrase for the data encryption.
- Configure the connection for your SQL server.
Configure the following value on the Distributed Execution Manager (DEM) and Proxy vSphere Agent page:
- Provide a DEM Worker name.
- Provide a DEM Orchestrator name.
- Set the checkbox Install and configure vSphere Agent.
- Accept the name for the vSphere Agent name.
- Accept the name for the vSphere Endpoint name.
The next window shows the vCAC registration information (see Figure 0-6):
- Click on the Load button to load the Default Tenant of your environment.
- Click View Certificate and Test.
- As soon as the certificate confirmation appears, click OK to continue.
- Activate the Accept certificate checkbox.
- Provide the SSO Administrator credentials.
- Keep the value for the IaaS server and click Test to check if it works.
Review your settings on the Ready To Install page and click Install – the vCAC infrastructure should be set in 30 minutes.
Guido Soeldner is a cloud infrastructure and virtualisation specialist working at Soeldner Consult GmbH - a German-based consultancy firm. Soeldner is also a regular contributor to Computer Weekly.