You reuse or create a cross-instance environment in VMware Aria Suite Lifecycle and deploy the VMware Aria Operations for Networks.

Prerequisites

Verify that your environment fulfills the prerequisites for the deployment of VMware Aria Operations for Networks.

Prerequisite

Value

Environment
Table 1. VMware Aria Operations for Networks Platform Node Resources
Attribute Standard Specification Cluster Specification
Appliance Size Extra-Large Extra-Large
Number of Nodes 1 3
CPU Varies for the phyisical CPU core speed Varies for the phyisical CPU core speed
16 x 2.6 GHz 16 x 2.6 GHz
18 x 2.3 GHz 18 x 2.3 GHz
20 x 2.1 GHz 20 x 2.1 GHz
Memory 64 GB 192 GB
Storage 2 TB 2 TB
Table 2. VMware Aria Operations for Networks Collector Node Resources
Attribute Node
Appliance Size Large
CPU Varies for the phyisical CPU core speed
8 x 2.6 GHz
9 x 2.3 GHz
10 x 2.1 GHz
Memory 16 GB
Storage 200 GB
Number of VMs 10K
Flows per Day 5 million
  • Verify that vCenter Server is operational.
  • Verify that the vSphere cluster has vSphere DRS and HA activated.
  • Verify that the NSX Manager is operational.
  • Verify that the cross-instance NSX segment is available for the deployment of the VMware Aria Operations for Networks platform node.
  • Verify that the local-instance NSX segment is available for the deployment of the VMware Aria Operations for Networks collector node.
  • Verify that VMware Aria Suite Lifecycle in the first VMware Cloud Foundation instance is operational and data collection from the management domain vCenter Server instance has run successfully.
Software Verify that the VMware Aria Operations for Networks product binaries are available in VMware Aria Suite Lifecycle.
License Verify that you obtained the VMware Aria Suite or VMware Aria Operations for Networks licenses with a quantity that fulfills the requirements of this design.
Active Directory
  • Verify that the required Active Directory user accounts are created.
  • Verify that the required Active Directory security groups are created.
  • Verify that the required Active Directory security group memberships are set with the required user accounts.
Identity and Access Management Verify that the required Active Directory users and groups are configured with Active Directory over LDAPS. This configuration ensures that the Active Directory users and groups for use by VMware Aria Operations for Networks are are available.
Certificate Authority

This solution uses Microsoft Active Directory Certificate Services for Certificate Authority and the PowerShell Module for VMware Validated Solutions to generate the required certificates. However, this mosule also supports generating certificate signing requests (CSRs) for third party certificate authorities for import to the VMware Aria Suite Lifecycle locker.

  • Verify that a Microsoft Certificate Authority is available for the environment.

  • Install the PowerShell Module for VMware Validated Solutions togther with the supporting modules to request an SSL certificate from your Microsoft Certificate Authority.

  • Verify that you have OpenSSL 3.0 or later installed on the system that will run the PowerShell module. The OpenSSL Wiki has a list of third-party pre-compiled binaries for Microsoft Windows.

    openssl --version

Import the VMware Aria Operations for Networks OVA to vSphere Content Library for Intelligent Network Visibility for VMware Cloud Foundation

To deploy VMware Aria Operations for Networks by using VMware Aria Suite Lifecycle, you must first import the VMware Aria Operations for Networks OVAs into your operational management vSphere Content library.

Procedure

You import the VMware Aria Operations for Networks Platform node and Collector node OVAs.

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
  2. From the vSphere Client drop-down menu, select Content libraries.
  3. On the Content libraries page, click your library for operational management.
  4. In the left pane, click OVF & OVA templates.
  5. Import the VMware Aria Operations for Networks Platform node OVA.
    1. From the Actions drop-down menu, select Import item.
    2. In the Import library item dialog box, select Local file and click Upload files.
    3. Navigate to the VMware Aria Operations OVA and click Open.
    4. In the Import library item dialog box, click Import and wait for the process to complete.
  6. Repeat this step to import the VMware Aria Operations for Networks Collector node OVA.

Add the VMware Aria Operations for Networks License to VMware Aria Suite Lifecycle for Intelligent Network Visibility for VMware Cloud Foundation

You can license VMware Aria Operations for Networks individually or as part of VMware Aria Suite. If you have not added the VMware Aria Suite license to VMware Aria Suite Lifecycle as part of another solution, you can add the license to the VMware Aria Suite Lifecycle locker before deploying VMware Aria Operations for Networks, or you can add the license during deployment.

Procedure

  1. Log in to VMware Aria Suite Lifecycle at https://<aria_suite_lifecycle_fqdn> as vcfadmin@local.
  2. On the My services page, click Locker.
  3. In the navigation pane, click Licenses.
  4. To add the license manually, click Add license manually, enter a license alias and the license key.
  5. Click Validate.
  6. After successful validation, click Add.

Import the Certificate for VMware Aria Operations for Networks to VMware Aria Suite Lifecycle for Intelligent Network Visibility for VMware Cloud Foundation

To prepare VMware Aria Suite Lifecycle for deploying VMware Aria Operations for Networks, you must generate an SSL certificate using the PowerShell module for VMware Validated Solutions and add the certificate to the VMware Aria Suite Lifecycle locker.

Procedure

  1. Generate an SSL certificate using the PowerShell module for VMware Validated Solutions.

    1. Start PowerShell.

    2. Replace the sample values in the variables below and run the commands in the PowerShell console.

      $commonName = "xint-net01a.rainpole.io"
$subjectAltNames = "xint-net01a.rainpole.io, sfo-net-pxy01a.sfo.rainpole.io"
$encryptionKeySize = 2048
$certificateExpiryDays = 730
$orgName = "rainpole"
$orgUnitName = "Platform Engineering"
$orgLocalityName = "San Francisco"
$orgStateName = "California"
$orgCountryCode = "US"

$caType = "msca"
$caFqdn = "rpl-ad01.rainpole.io"
$caUsername = "Administrator"
$caPassword = "VMw@re1!"
$caTemplate = "VMware"

$outputPath = ".\certificates\"
$csrFilePath = Join-Path $outputPath "$commonName.csr"
$keyFilePath = Join-Path $outputPath "$commonName.key"
$crtFilePath = Join-Path $outputPath "$commonName.crt"
$rootCaFilePath = Join-Path $outputPath "$caFqdn-rootCa.pem"

    3. Perform the configuration by running the command in the PowerShell console.

      Invoke-GeneratePrivateKeyAndCsr -outDirPath $outputPath -commonName $commonName -subjectAlternativeNames $subjectAltNames -keySize $encryptionKeySize -expireDays $certificateExpiryDays -organization $orgName -organizationUnit $orgUnitName -locality  $orgLocalityName -state $orgStateName -country $orgCountryCode

Invoke-RequestSignedCertificate -caFqdn $caFqdn -csrFilePath $csrFilePath -outDirPath $outputPath -certificateAuthority $caType -username $caUsername -password $caPassword -certificateTemplate $caTemplate -getCArootCert

Invoke-GenerateChainPem -outDirPath $outputPath -keyFilePath $keyFilePath -crtFilePath $crtFilePath -rootCaFilePath $rootCaFilePath

  2. Add the generated SSL certificate to the VMware Aria Suite Lifecycle locker.

    1. Log in to VMware Aria Suite Lifecycle at https://<aria_suite_lifecycle_fqdn> as vcfadmin@local.
    2. On the My services page, click Locker.
    3. In the navigation pane, click Certificates.

    4. On the Certificates page, click Import.

    5. On the Import certificate page, enter a name for the VMware Aria Operations for Networks certificate according to your VMware Cloud Foundation Planning and Preparation Workbook.

    6. Click Browse file, navigate to the VMware Aria Operations for Networks certificate file (.pem), and click Open.

    7. On the Import certificate page, click Import.

Add the VMware Aria Operations for Networks Passwords to VMware Aria Suite Lifecycle for Intelligent Network Visibility for VMware Cloud Foundation

Before deploying VMware Aria Operations for Networks by using VMware Aria Suite Lifecycle, you must add the password for the VMware Aria Operations for NetworksAdministrator, support, and consoleuser users to the VMware Aria Suite Lifecycle locker.

Additionally, if you have not created the VMware Aria Suite Lifecycle cross-instance environment, you must add the password for the environment admin account to the locker, before creating the cross-instance environment for VMware Aria Operations.

VMware Aria Suite Lifecycle uses the VMware Aria Operations for NetworksAdministrator password only for the VMware Aria Operations for Networks deployment. After deploying VMware Aria Operations for Networks in a VMware Aria Suite Lifecycle logical environment, the passwords are not managed by SDDC Manager and must be managed manually. See Password Management Design for Intelligent Network Visibility for VMware Cloud Foundation.

If you have a VMware Aria Automation implementation in your VMware Cloud Foundation environment as another validated solution, you already added the admin password for the VMware Aria Suite Lifecycle cross-instance environment.

Procedure

  1. Log in to VMware Aria Suite Lifecycle at https://<aria_suite_lifecycle_fqdn> as vcfadmin@local.
  2. On the My services page, click Locker.
  3. In the navigation pane, click Passwords.
  4. On the Passwords page, click Add.

  5. On the Add password page, configure the VMware Aria Operations for NetworksAdministrator password according to your VMware Cloud Foundation Planning and Preparation Workbook and click Add.

  6. On the Add password page, configure the VMware Aria Operations for Networkssupport password according to your VMware Cloud Foundation Planning and Preparation Workbook and click Add.

  7. On the Add password page, configure the VMware Aria Operations for Networksconsoleuser password according to your VMware Cloud Foundation Planning and Preparation Workbook and click Add.

  8. If you have not integrated VMware Aria Automation as another validated solution, repeat the procedure for the admin password for the VMware Aria Suite Lifecycle cross-instance environment.

Deploy VMware Aria Operations for Networks by Using VMware Aria Suite Lifecycle for Intelligent Network Visibility for VMware Cloud Foundation

Deploy VMware Aria Operations for Networks in a VMware Aria Suite Lifecycle logical environment.

If you do not have a VMware Aria Automation implementation in your VMware Cloud Foundation environment as another validated solution you must create a new cross-instance, logical environment and deploy VMware Aria Operations for Networks in this new logical environment.

If you have a VMware Aria Automation implementation in your VMware Cloud Foundation environment as another validated solution, you add VMware Aria Operations for Networks to the existing cross-instance environment.

Procedure

  1. Log in to VMware Aria Suite Lifecycle at https://<aria_suite_lifecycle_fqdn> as vcfadmin@local.
  2. On the My services page, click Lifecycle operations.
  3. If you do not have an existing VMware Aria Automation cross-instance environment, create a new environment.
    1. On the Lifecycle operations page, in the left navigation pane, click Create environment.
    2. Configure the following settings, configure the remaining settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Next.

      Setting

      Value
      Activate SDDC Manager integration Deactivated
      JSON configuration Deactivated
      Join the VMware Customer Experience Improvement Program Selected
  4. If you have an existing VMware Aria Automation cross-instance environment, add VMware Aria Operations for Networks as a product to this environment.
    1. On the Lifecycle operations page, in the left pane, click Environments.
    2. In the card of the cross-instance environment with VMware Aria Automation, click the horizontal ellipsis, and select Add product.
    3. On the Select product page, select the check box in the VMware Aria Operations for Networks card, configure the settings, and click Next.
      Setting Value
      Installation type New install
      Version Select the compatible version for the respective VMware Cloud Foundation release.
      Deployment type Standard
  5. On the End user license agreement page, agree to license agreement, and click Next.
  6. On the License page, select or manually add the VMware Aria Operations for Networks license, click Validate association, and click Next.
    • To select the license from the locker, click Select, select the license alias, and click Update.
    • To add the license manually, click Add, enter the license alias and key, click Validate, and click Add.
  7. On the Certificate page, from the Select certificate drop-down menu, select the appropriate certificate for VMware Aria Operations and click Next.
  8. On the Infrastructure page, configure the following settings, configure the remaining settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Next.

    Setting

    Value
    Select resource pool

    n/a
    Select disk mode

    Thin
    Use content library

    Enabled
    Note: The resource pool setting is applicable for VMware Cloud Foundation consolidated management and VI workload domain consumption model.

  9. On the Binary Mapping page, click Select content library item , click the check box next to VMware Aria Operations for Networks platform and controller OVAs from the list and click Select, then click Next.

  10. On the Network page, review the settings and click Next.

  11. On the Products page, in the Product properties section, configure the following settings, configure the remaining settings according to your VMware Cloud Foundation Planning and Preparation Workbook.
    Setting Value
    FIPS Compliance Mode Off
    Anti-affinity / affinity rule Deactivated
    Integrate with Identity Manager Deactivated
  12. In the Components section, configure the VMware Aria Operations for Networks platform node.
    1. In the vrni-platform section, configure the values according to your VMware Cloud Foundation Planning and Preparation Workbook.
    2. Click the Advanced configuration icon.

      The Advanced configuration dialog box opens.

    3. In the Infrastructure section, ensure the network matches the name of the network according to your value in the VMware Cloud Foundation Planning and Preparation Workbook.
    4. In the Network section, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook.
    5. In the Console password section, configure the value according to your VMware Cloud Foundation Planning and Preparation Workbook
    6. In the Support password section, configure the value according to your VMware Cloud Foundation Planning and Preparation Workbook.
    7. In the Advanced configuration, click Save.
  13. In the Components section, configure the VMware Aria Operations for Networks collector node.
    1. In the vrni-collector section, configure the values according to your VMware Cloud Foundation Planning and Preparation Workbook.
    2. Click the Advanced configuration icon.

      The Advanced configuration dialog box opens.

    3. In the Infrastructure section, ensure the network matches the name of the network according to your value in the VMware Cloud Foundation Planning and Preparation Workbook.
    4. In the Network section, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook.
    5. In the Console password section, configure the value according to your VMware Cloud Foundation Planning and Preparation Workbook
    6. In the Support password section, configure the value according to your VMware Cloud Foundation Planning and Preparation Workbook.
    7. In the Advanced configuration, click Save.
  14. On the Products page, click Next.
  15. On the Precheck page, click Run precheck.
  16. After all prechecks finish with a Passed messages, click Next.
  17. On the Summary page, review the configuration details and click Submit.
  18. On the Request details page, monitor the deployment progress until all stages become Completed.

Move the VMware Aria Operations for Networks Virtual Machines to the Dedicated Folders for Intelligent Network Visibility for VMware Cloud Foundation

Move the VMware Aria Operations for Networks virtual machines to the dedicated virtual machine and template folders that you previously created.

Procedure

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui as [email protected].
  2. In the VMs and templates inventory, expand the management domain vCenter Server tree and expand the management domain data center.
  3. Right-click the VMware Aria Operations for Networks platform node and select Move to folder.
  4. In the Move to folder dialog box, select the folder created for VMware Aria Operations for Networks platform nodes virtual machines and click OK.

  5. Repeat this step for the VMware Aria Operations for Networks collector nodes and place those virtual machines in the collector nodes folder.