Begin the implementation of the Intelligent Operations Management for VMware Cloud Foundation validated solution by preparing your VMware Cloud Foundation instance for connecting to VMware Aria Operations.

Assign SDDC Manager Role to a Service Account for Intelligent Operations Management for VMware Cloud Foundation

To integrate VMware Aria Operations with VMware Cloud Foundation, you assign a service account role in SDDC Manager with the required privileges.

Procedure

  1. Log in to SDDC Manager at https://<sddc_manager_fqdn> with a user assigned the Admin role.

  2. In the navigation pane, click Administration > Single sign on

  3. On the Manage users page, click the Add user or group button.

  4. On the Add user or group page, in the Search user text box, enter the name of the service account according to the VMware Cloud Foundation Planning and Preparation Workbook.

  5. In the table, under the User / group name column, select the check box next to the service account.

  6. In the Role column, from the Choose role drop-down menu, select the Admin role and click Add.

Define a Custom Role in vSphere for Intelligent Operations Management for VMware Cloud Foundation

To integrate VMware Aria Operations with vSphere, you create a custom vSphere role with the required privileges in the vSphere client.

Procedure

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
  2. From the vSphere Client Menu, select Administration.
  3. In the left pane, select Access control > Roles.
  4. From the Roles provider drop-down menu, select vsphere.local.
  5. Create a role for VMware Aria Operations in vSphere.
    1. Click New.
    2. In the Role name text box, enter VMware Aria Operations to vSphere Integration.
    3. Configure the privileges, and click Create.

      Category

      Privilege

      Datastore

      Allocate space

      Browse datastore

      Extension

      All Extension Privileges

      External stats provider

      All External stats provider Privileges

      Global

      Global tag

      Health

      Manage custom attributes

      Set custom attribute

      System tag

      Host

      Inventory.Modify Cluster

      Performance

      All Modify intervals Privileges

      Resource

      Assign virtual machine to resource pool

      Migrate powered off virtual machine

      Migrate powered on virtual machine

      Storage views

      View

      Virtual machine

      Change Configuration.Change CPU Count

      Change Configuration.Change Memory

      Change Configuration.Change Resource

      Edit Inventory.Move

      Edit Inventory.Remove

      Guest Operations.All Privileges

      Interaction.Power Off

      Interaction.Power On

      Interaction.Reset

      Service configuration.Manage service configurations

      Service configuration.Modify service configuration

      Service configuration.Query service configurations

      Service configuration.Read service configuration

      Snapshot Management.Create Snapshot

      Snapshot Management.Remove Snapshot

      VM Storage policies

      View VM storage policies

      vSphere stats privileges

      All vSphere stats Privileges

Configure Service Account Permissions for vSphere Integration for Intelligent Operations Management for VMware Cloud Foundation

To provide the necessary privileges to the service account for VMware Aria Operations to vSphere integration, you assign the custom role to the integration service account in vCenter Server.

Procedure

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
  2. From the vSphere Client Menu, select Administration.

  3. In the left pane, select Access control > Global permissions, and click the Add.

  4. In the Add permission dialog box, configure the values for the VMware Aria Operations service account from your VMware Cloud Foundation Planning and Preparation Workbook, select the Propagate to children check box, and click OK.

Create Virtual Machine and Template Folders for the VMware Aria Operations Appliances for Intelligent Operations Management for VMware Cloud Foundation

Create folders in the management domain to group objects of the same type for easier management. You create two virtual machine folders on the management domain vCenter Server to group the VMware Aria Operations appliances - one folder for the analytics cluster appliances and another folder for the VMware Cloud Proxy appliances.

Procedure

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.

  2. In the VMs and templates inventory, navigate to the default management data center, right-click the data center, and select New folder > New VM and template folder.

  3. In the New folder dialog box, enter the folder name for the VMware Aria Operations analytics cluster virtual machines according to the VMware Cloud Foundation Planning and Preparation Workbook, and click OK.

  4. Repeat these steps for creating the VM and template folder for the VMware Cloud Proxy appliances according to the values in your VMware Cloud Foundation Planning and Preparation Workbook.

Prepare the NSX to VMware Aria Operations Integration for Intelligent Operations Management for VMware Cloud Foundation

To integrate NSX with VMware Aria Operations, you create a certificate and private key and use them to configure a principal identity in NSX Manager.

Procedure

  1. Log in to SDDC Manager at <sddc_manager_fqdn>:22 as the vcf user by using a Secure Shell (SSH) client.
  2. Switch to the super user.
    su
  3. Create the certificate and private key.
    openssl req -newkey rsa:2048 -sha256 -x509 -days 365 -subj "/CN=nsx_local_manager_cluster_hostname" -extensions usr_cert -nodes -keyout nsx_local_manager_cluster_hostname.key -out nsx_local_manager_cluster_hostname.cer
    Note:

    You use the nsx_local_manager_cluster_hostname.key and nsx_local_manager_cluster_hostname.cer contents to create a principal identity in NSX Manager and create a credential in VMware Aria Operations.

  4. Log in to NSX Manager at https://<nsx_manager_fqdn>/login.jsp?local=true as admin.
  5. On the main navigation bar, click System.

  6. In the left pane, under Settings, click User Management.

  7. On the User management page, click Add principal identity.
  8. In the Certificate PEM text box, paste the contents of the the nsx_local_manager_cluster_hostname.cer certificate file.

  9. Configure the remaining settings according to the values in your VMware Cloud Foundation Planning and Preparation Workbook and click Save.

  10. Repeat this procedure for each VI workload domain in the VMware Cloud Foundation instance.