Begin the implementation of the Intelligent Operations Management for VMware Cloud Foundation validated solution by preparing your VMware Cloud Foundation instance for connecting to VMware Aria Operations.
Assign SDDC Manager Role to a Service Account for Intelligent Operations Management for VMware Cloud Foundation
To integrate VMware Aria Operations with VMware Cloud Foundation, you assign a service account role in SDDC Manager with the required privileges.
UI Procedure
- Log in to SDDC Manager at https://<sddc_manager_fqdn> with a user assigned the Admin role.
In the navigation pane, click
- On the Manage users page, click the Add user or group button.
- On the Add user or group page, in the Search user text box, enter the name of the service account according to the VMware Cloud Foundation Planning and Preparation Workbook.
In the table, under the User / group name column, select the check box next to the service account.
In the Role column, from the Choose role drop-down menu, select the Admin role and click Add.
PowerShell Procedure
Start PowerShell.
Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.
$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io" $sddcManagerUser = "[email protected]" $sddcManagerPass = "VMw@re1!" $domainFqdn = "sfo.rainpole.io" $domainBindUser = "svc-vsphere-ad" $domainBindPass = "VMw@re1!" $iomVcfServiceAccount = "svc-iom-vcf"
Perform the configuration by running the command in the PowerShell console.
Add-SddcManagerRole -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $domainFqdn -domainBindUser $domainBindUser -domainBindPass $domainBindPass -principal $iomVcfServiceAccount -role ADMIN -type user
Define a Custom Role in vSphere for Intelligent Operations Management for VMware Cloud Foundation
To integrate VMware Aria Operations with vSphere, you create a custom vSphere role with the required privileges in the vSphere client.
UI Procedure
- Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
- From the vSphere Client Menu, select Administration.
- In the left pane, select .
- From the Roles provider drop-down menu, select vsphere.local.
- Create a role for VMware Aria Operations in vSphere.
- Click New.
- In the Role name text box, enter VMware Aria Operations to vSphere Integration.
- Configure the privileges, and click Create.
Category
Privilege
Datastore
Allocate space
Browse datastore
Extension
Register extension
Unregister extension
Update extension
External stats provider
Register
Unregister
Update
Global
Global tag
Health
Manage custom attributes
Set custom attribute
System tag
Host
Performance
Modify intervals
VM Storage policies
View VM storage policies
Resource
Assign virtual machine to resource pool
Migrate powered off virtual machine
Migrate powered on virtual machine
Storage views
View
Virtual machine
vSphere stats privileges
Collect stats data
Modify stats configuration
Query stats data
PowerShell Procedure
Start PowerShell.
Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.
$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io" $sddcManagerUser = "[email protected]" $sddcManagerPass = "VMw@re1!" $sddcDomainName = "sfo-m01" $iomVsphereRoleName = "VMware Aria Operations to vSphere Integration"
Perform the configuration by running the command in the PowerShell console.
Add-vSphereRole -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -sddcDomain $sddcDomainName -roleName $iomVsphereRoleName
In the dialog box that opens, navigate to the vSphereRoles folder and open the aria-operations-vsphere-integration.role file.
The default path for the vSphereRoles folder is C:\Program\Files\WindowsPowerShell\Modules\PowerValidatedSolutions\<powervalidatedsolutions_version>\vSphereRoles.
Configure Service Account Permissions for vSphere Integration for Intelligent Operations Management for VMware Cloud Foundation
To provide the necessary privileges to the service account for VMware Aria Operations to vSphere integration, you assign the custom role to the integration service account in vCenter Server.
UI Procedure
- Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
- From the vSphere Client Menu, select Administration.
In the left pane, select , and click the Add.
In the Add permission dialog box, configure the values for the VMware Aria Operations service account from your VMware Cloud Foundation Planning and Preparation Workbook, select the Propagate to children check box, and click OK.
PowerShell Procedure
Start PowerShell.
Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.
$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io" $sddcManagerUser = "[email protected]" $sddcManagerPass = "VMw@re1!" $sddcDomainName = "sfo-m01" $domainFqdn = "sfo.rainpole.io" $domainBindUser = "svc-vsphere-ad" $domainBindPass = "VMw@re1!" $iomVsphereRoleName = "VMware Aria Operations to vSphere Integration" $iomVsphereServiceAccount = "svc-iom-vsphere"
Perform the configuration by running the command in the PowerShell console.
Add-vCenterGlobalPermission -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -sddcDomain $sddcDomainName -domain $domainFqdn -domainBindUser $domainBindUser -domainBindPass $domainBindPass -principal $iomVsphereServiceAccount -role $iomVsphereRoleName -propagate true -type user
Create Virtual Machine and Template Folders for the VMware Aria Operations Appliances for Intelligent Operations Management for VMware Cloud Foundation
Create folders in the management domain to group objects of the same type for easier management. You create two virtual machine folders on the management domain vCenter Server to group the VMware Aria Operations appliances - one folder for the analytics cluster appliances and another folder for the VMware Cloud Proxy appliances.
UI Procedure
- Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui as [email protected].
In the VMs and templates inventory, expand the management domain vCenter Server tree.
In the VMs and templates inventory, navigate to the default management data center, right-click the data center, and select .
In the New folder dialog box, enter the folder name for the VMware Aria Operations analytics cluster virtual machines according to the VMware Cloud Foundation Planning and Preparation Workbook, and click OK.
Repeat these steps for creating the virtual machine and template folder for the VMware Cloud Proxy appliances according to the values in your VMware Cloud Foundation Planning and Preparation Workbook.
PowerShell Procedure
Start PowerShell.
Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.
$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io" $sddcManagerUser = "[email protected]" $sddcManagerPass = "VMw@re1!" $sddcDomainName = "sfo-m01" $vmFolderOperations = "xint-m01-fd-operations" $vmFolderProxies = "sfo-m01-fd-operations"
Perform the configuration by running the command in the PowerShell console.
Add-VMFolder -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $sddcDomainName -folderName $vmFolderOperations Add-VMFolder -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $sddcDomainName -folderName $vmFolderProxies
Prepare the NSX to VMware Aria Operations Integration for Intelligent Operations Management for VMware Cloud Foundation
To integrate NSX with VMware Aria Operations, you create a certificate and private key and use them to configure a principal identity in NSX Manager.
UI Procedure
- Log in to SDDC Manager at <sddc_manager_fqdn>:22 as the vcf user by using a Secure Shell (SSH) client.
- Switch to the super user.
su
- Create the certificate and private key.
openssl req -newkey rsa:2048 -sha256 -x509 -days 365 -subj "/CN=nsx_local_manager_cluster_hostname" -extensions usr_cert -nodes -keyout nsx_local_manager_cluster_hostname.key -out nsx_local_manager_cluster_hostname.cer
Note:You use the
nsx_local_manager_cluster_hostname.keyandnsx_local_manager_cluster_hostname.cercontents to create a principal identity in NSX Manager and create a credential in VMware Aria Operations. - Log in to NSX Manager at https://<nsx_manager_fqdn>/login.jsp?local=true as admin.
- On the main navigation bar, click System.
In the left pane, under , click .
- For NSX 3.2 or earlier on the User management page, from the Add drop-down menu, select Principal identity with role.
- For NSX 4.1 or later on the User management page, click Add principal identity.
- In the Certificate PEM text box, paste the contents of the the
nsx_local_manager_cluster_hostname.cercertificate file. - Configure the remaining settings according to the values in your VMware Cloud Foundation Planning and Preparation Workbook and click Save.
- Repeat this procedure for each VI workload domain in the VMware Cloud Foundation instance.
PowerShell Procedure
Start PowerShell.
Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.
$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io" $sddcManagerUser = "[email protected]" $sddcManagerPass = "VMw@re1!" $sddcDomainName = "sfo-m01" $principalIdentity = "svc-iom-sfo-m01-nsx01"
Perform the configuration by running the command in the PowerShell console.
Add-NsxtPrincipalIdentity -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $sddcDomainName -principalId $principalIdentity -role enterprise_admin
Repeat this procedure for each VI workload domain in the VMware Cloud Foundation instance.
