You deploy the host virtual machine and prepare the VMware Cloud Foundation instance before installing and configuring the PowerShell Module for VMware Cloud Foundation Reporting and Python Module for VMware Cloud Foundation Health Monitoring in VMware Aria Operations.

Deploy the Host Virtual Machine for Health Reporting and Monitoring for VMware Cloud Foundation

You deploy the host virtual machine within the management vCenter Server instance and use it to execute the PowerShell Module for VMware Cloud Foundation Reporting and the Python Module for VMware Cloud Foundation Health Monitoring in VMware Aria Operations.

The host virtual machine can use a Photon OS or Windows Server based operating system that adheres to your organization's standards. For illustration purposes or use within a non-production environment, this validated solution uses a sample Photon OS appliance, available for download at Photon OS sample appliance. You can also use the code from the GitHub project to build the appliance as an OVA.

The sample appliance comes with all necessary OS packages. If you deploy a Photon OS host virtual machine instead of using the sample appliance, you must install the following packages:
  • logrotate
  • wget
  • git
  • unzip
  • tar
  • jq
  • cronie
  • powershell
  • python3-pip
To install these packages, run the following command:
tdnf install -y \
  minimal \
  logrotate \
  wget \
  git \
  unzip \
  tar \
  jq \
  cronie \
  powershell \
  python3-pip
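
To confirm that a self-built Photon OS host has every package in the list above before you install the modules, you can compare the list against the RPM database. The following script is an added example and is not part of the original procedure; the function names and the sample package list are constructed for illustration.

```shell
#!/bin/bash
# Added example: report which packages from this page's list are missing.

# Required packages, copied from the bulleted list on this page.
REQUIRED_PACKAGES="logrotate wget git unzip tar jq cronie powershell python3-pip"

# Read installed package names on stdin (one per line) and print each
# required package that is not among them. Matching is exact and whole-line,
# so "python3" does not satisfy "python3-pip".
missing_packages() {
  installed_list=$(cat)
  for pkg in $REQUIRED_PACKAGES; do
    if ! printf '%s\n' "$installed_list" | grep -Fxq -- "$pkg"; then
      printf '%s\n' "$pkg"
    fi
  done
}

# Constructed sample of installed package names, for trying the check
# on a machine that has no RPM database.
sample_installed() {
  printf '%s\n' logrotate wget git tar cronie python3-pip python3 bash
}

# On the host virtual machine: query the RPM database and fail if any
# required package is absent.
check_host() {
  missing=$(rpm -qa --qf '%{NAME}\n' | missing_packages)
  if [ -n "$missing" ]; then
    printf 'Missing packages:\n%s\n' "$missing" >&2
    return 1
  fi
  printf 'All required packages are installed.\n'
}

# Run the live check only when asked, for example: ./check-packages.sh --check
if [ "${1:-}" = "--check" ]; then
  check_host
fi
```

Run it with `--check` on the host virtual machine; a non-zero exit status means that at least one package from the list is not installed.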

Procedure

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
  2. In the Hosts and clusters inventory, navigate to the default management data center and expand the data center.

  3. Right-click the cluster, and select Deploy OVF template.

  4. On the Select an OVF template page, select Local file, and click Upload files.

  5. On the Open dialog page, navigate to the OVA file, click Open, and click Next.

  6. On the Select a name and folder page, in the Virtual machine name text box, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Next.

  7. On the Select a compute resource page, select the compute resource, and click Next.

  8. On the Review details page, review the settings, and click Next.

  9. On the Select storage page, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Next.

  10. On the Select networks page, from the Destination network drop-down menu, select the management VLAN port group, and click Next.

  11. On the Customize template page, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Next.

  12. On the Ready to complete page, click Finish, and wait for the completion of the process.

  13. Power on the host virtual machine.

    1. In the Hosts and clusters inventory, navigate to the default management data center and expand the data center.

    2. Expand the cluster.

    3. Right-click the host virtual machine and, from the Actions drop-down menu, select Power > Power on.

Create Virtual Machine and Template Folder for the Host Virtual Machine for Health Reporting and Monitoring for VMware Cloud Foundation

To improve ease of management of the host virtual machine, you create a virtual machine folder in the management vCenter Server instance.

Procedure

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
  2. In the VMs and templates inventory, navigate to the default management data center, right-click the data center, and select New folder > New VM and template folder.

  3. In the New folder dialog box, enter a name for the folder according to the VMware Cloud Foundation Planning and Preparation Workbook, and click OK.

Move the Host Virtual Machine to the Dedicated Folder for Health Reporting and Monitoring for VMware Cloud Foundation

Move the host virtual machine to the dedicated virtual machine folder you previously created.

Procedure

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui as [email protected].
  2. In the VMs and templates inventory, expand the management domain vCenter Server tree and the management domain data center.

  3. Right-click the host virtual machine and select Move to folder.

  4. In the Move to folder dialog box, select the dedicated folder for the host virtual machine, and click OK.

Add the Host Virtual Machine to the First Availability Zone VM Group for Health Reporting and Monitoring for VMware Cloud Foundation

If the management domain is configured with two availability zones, to provide failover to the second availability zone, move the host virtual machine to the VM group for the first availability zone. The virtual machine write operations are performed synchronously across both availability zones and each availability zone has a copy of the data.

Procedure

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui as [email protected].
  2. In the Hosts and clusters inventory, expand the management domain vCenter Server tree and expand the management domain data center.
  3. Select the default management vSphere cluster and click the Configure tab.

  4. In the left pane, select Configuration > VM/Host groups.

  5. Select the VM group for the first availability zone according to your value in the VMware Cloud Foundation Planning and Preparation Workbook and click Add VM/Host group members.

  6. In the Add group member dialog box, select the host virtual machine and click OK.

Assign SDDC Manager Role to a Service Account for the PowerShell Module for VMware Cloud Foundation Reporting

To provide the necessary privileges to the service account for the PowerShell Module for VMware Cloud Foundation Reporting, you assign the ADMIN role to a service account in SDDC Manager.

The cmdlets in this PowerShell module, and its dependencies, return data from SDDC management components. SDDC Manager provides the credentials for the platform components. For cmdlets that connect to SDDC Manager, you use the VMware Cloud Foundation API and a user or service account with the ADMIN role in SDDC Manager.

Procedure

  1. Log in to SDDC Manager at https://<sddc_manager_fqdn> with a user assigned the Admin role.
  2. For VMware Cloud Foundation 4.4.x, in the navigation pane, click Administration user.

  3. For VMware Cloud Foundation 4.5 or later, in the navigation pane, click Administration > Single sign on.

  4. On the Manage users page, click Add user or group.

  5. On the Add user or group page, in the Search user text box, enter the name of the service account according to the value in your VMware Cloud Foundation Planning and Preparation Workbook.

  6. In the User / group name column, select the check box for the service account.

  7. In the Role column, from the Choose role drop-down menu, select the ADMIN role.

  8. Click Add.

Synchronize the Active Directory Users for VMware Aria Operations for Health Reporting and Monitoring for VMware Cloud Foundation

You synchronize the Active Directory users for use by VMware Aria Operations in the clustered Workspace ONE Access.

Procedure

  1. Log in to the clustered Workspace ONE Access deployment at https://<clustered_workspace_one_access_fqdn>/admin with a user assigned the administrator role.
  2. On the main navigation bar, click Identity and access management.

  3. Click the Directories tab and select your directory name according to the values in your VMware Cloud Foundation Planning and Preparation Workbook.

  4. On the Settings tab, click Sync settings.

  5. Click the Users tab.

  6. Under Specify the user DNs, click Add.

  7. In the text box, enter the base DN for Active Directory users according to the values in your VMware Cloud Foundation Planning and Preparation Workbook.

  8. Click Save and sync.

  9. Click Sync directory.

Define a Custom Role in VMware Aria Operations for the Python Module for VMware Cloud Foundation Health Monitoring

To provide the necessary permissions, you create a custom role for the Python module in VMware Aria Operations. These permissions provide least privilege access to VMware Aria Operations REST APIs. You also add the scope for a service account to allow the service account to access NSX, vCenter, VMware Cloud Foundation, and vSAN adapter instance objects.

Procedure

  1. Log in to the VMware Aria Operations interface at https://<aria_operations_fqdn> with a user assigned the Administrator role.
  2. In the left pane, navigate to Administration > Control panel.
  3. Click Access control and click the Roles tab.
  4. Click Add.
  5. Configure the new custom role and assign access control scope.

    1. On the Create Role page in the Role information section, configure the settings according to the values in your VMware Cloud Foundation Planning and Preparation Workbook.

    2. In the Assign permissions section, configure the settings and click Save.

      Category: Administration.REST APIs

      Permissions:
        • All other read, write APIs
        • Read access to APIs

    3. On the Access control page, click the Scopes tab.
    4. To add the scope for a service account, click Add.
    5. On the Create scope page in the Scope information section, configure the settings according to the values in your VMware Cloud Foundation Planning and Preparation Workbook.

    6. In the Select object section, select the following objects.

      Object Hierarchies: Adapter instance

      Object:
        • NSX
        • vCenter
        • VMware Cloud Foundation
        • vSAN Adapter
    7. Click Save.

Assign VMware Aria Operations Custom Role to a Service Account for the Python Module for VMware Cloud Foundation Health Monitoring

Import and assign a role to the service account in VMware Aria Operations.

Procedure

  1. Log in to the VMware Aria Operations interface at https://<aria_operations_fqdn> with a user assigned the Administrator role.
  2. In the left pane, navigate to Administration > Control panel.
  3. Click Access control and click the User accounts tab.

  4. To import a service account, from the elliptical drop-down menu, select Import from source.

    1. On the Import users page, configure the settings according to the values in your VMware Cloud Foundation Planning and Preparation Workbook, click Next, and then click Finish.

  5. Assign the custom role to the service account.

    1. On the User accounts page, select the service account and from the vertical ellipsis drop-down menu, select Edit.

    2. In the Assign roles and scope section, configure the settings according to the values in your VMware Cloud Foundation Planning and Preparation Workbook and click Save.