Begin the implementation of the Intelligent Operations Management for VMware Cloud Foundation validated solution by preparing your VMware Cloud Foundation instance for connecting to VMware Aria Operations.
Assign SDDC Manager Role to a Service Account for Intelligent Operations Management for VMware Cloud Foundation
To integrate VMware Aria Operations with VMware Cloud Foundation, you assign a service account role in SDDC Manager with the required privileges.
Procedure
- Log in to SDDC Manager at https://<sddc_manager_fqdn> with a user assigned the Admin role.
In the navigation pane, click
- On the Manage users page, click the Add user or group button.
- On the Add user or group page, in the Search user text box, enter the name of the service account according to the VMware Cloud Foundation Planning and Preparation Workbook.
In the table, under the User / group name column, select the check box next to the service account.
In the Role column, from the Choose role drop-down menu, select the Admin role and click Add.
Define a Custom Role in vSphere for Intelligent Operations Management for VMware Cloud Foundation
To integrate VMware Aria Operations with vSphere, you create a custom vSphere role with the required privileges in the vSphere client.
Procedure
- Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
- From the vSphere Client Menu, select Administration.
- In the left pane, select .
- From the Roles provider drop-down menu, select vsphere.local.
- Create a role for VMware Aria Operations in vSphere.
- Click New.
- In the Role name text box, enter VMware Aria Operations to vSphere Integration.
- Configure the privileges, and click Create.
Category
Privilege
Datastore
Allocate space
Browse datastore
Extension
All Extension Privileges
External stats provider
All External stats provider Privileges
Global
Global tag
Health
Manage custom attributes
Set custom attribute
System tag
Host
Performance
All Modify intervals Privileges
Resource
Assign virtual machine to resource pool
Migrate powered off virtual machine
Migrate powered on virtual machine
Storage views
View
Virtual machine
VM Storage policies
View VM storage policies
vSphere stats privileges
All vSphere stats Privileges
Configure Service Account Permissions for vSphere Integration for Intelligent Operations Management for VMware Cloud Foundation
To provide the necessary privileges to the service account for VMware Aria Operations to vSphere integration, you assign the custom role to the integration service account in vCenter Server.
Procedure
- Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
- From the vSphere Client Menu, select Administration.
In the left pane, select , and click the Add.
In the Add permission dialog box, configure the values for the VMware Aria Operations service account from your VMware Cloud Foundation Planning and Preparation Workbook, select the Propagate to children check box, and click OK.
Create Virtual Machine and Template Folders for the VMware Aria Operations Appliances for Intelligent Operations Management for VMware Cloud Foundation
Create folders in the management domain to group objects of the same type for easier management. You create two virtual machine folders on the management domain vCenter Server to group the VMware Aria Operations appliances - one folder for the analytics cluster appliances and another folder for the VMware Cloud Proxy appliances.
Procedure
- Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
In the VMs and templates inventory, navigate to the default management data center, right-click the data center, and select .
In the New folder dialog box, enter the folder name for the VMware Aria Operations analytics cluster virtual machines according to the VMware Cloud Foundation Planning and Preparation Workbook, and click OK.
Repeat these steps for creating the VM and template folder for the VMware Cloud Proxy appliances according to the values in your VMware Cloud Foundation Planning and Preparation Workbook.
Prepare the NSX to VMware Aria Operations Integration for Intelligent Operations Management for VMware Cloud Foundation
To integrate NSX with VMware Aria Operations, you create a certificate and private key and use them to configure a principal identity in NSX Manager.
Procedure
- Log in to SDDC Manager at <sddc_manager_fqdn>:22 as the vcf user by using a Secure Shell (SSH) client.
- Switch to the super user.
su
- Create the certificate and private key.
openssl req -newkey rsa:2048 -sha256 -x509 -days 365 -subj "/CN=nsx_local_manager_cluster_hostname" -extensions usr_cert -nodes -keyout nsx_local_manager_cluster_hostname.key -out nsx_local_manager_cluster_hostname.cer
Note:You use the
nsx_local_manager_cluster_hostname.keyandnsx_local_manager_cluster_hostname.cercontents to create a principal identity in NSX Manager and create a credential in VMware Aria Operations. - Log in to NSX Manager at https://<nsx_manager_fqdn>/login.jsp?local=true as admin.
- On the main navigation bar, click System.
In the left pane, under , click .
- On the User management page, click Add principal identity.
- In the Certificate PEM text box, paste the contents of the the
nsx_local_manager_cluster_hostname.cercertificate file. - Configure the remaining settings according to the values in your VMware Cloud Foundation Planning and Preparation Workbook and click Save.
- Repeat this procedure for each VI workload domain in the VMware Cloud Foundation instance.
