Begin the implementation of the Intelligent Operations Management for VMware Cloud Foundation validated solution by preparing your VMware Cloud Foundation instance for connecting to VMware Aria Operations.

Assign SDDC Manager Role to a Service Account for Intelligent Operations Management for VMware Cloud Foundation

To integrate VMware Aria Operations with VMware Cloud Foundation, you assign the service account a role in SDDC Manager that has the required privileges.

UI Procedure

  1. Log in to SDDC Manager at https://<sddc_manager_fqdn> with a user assigned the Admin role.
  2. In the navigation pane, click Administration > Single sign on.

  3. On the Manage users page, click the Add user or group button.
  4. On the Add user or group page, in the Search user text box, enter the name of the service account according to the VMware Cloud Foundation Planning and Preparation Workbook.
  5. In the table, under the User / group name column, select the check box next to the service account.

  6. In the Role column, from the Choose role drop-down menu, select the Admin role and click Add.

PowerShell Procedure

  1. Start PowerShell.

  2. Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.

    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
    $sddcManagerUser = "[email protected]"
    $sddcManagerPass = "VMw@re1!"
    
    $domainFqdn = "sfo.rainpole.io"
    $domainBindUser = "svc-vsphere-ad"
    $domainBindPass = "VMw@re1!"
    
    $iomVcfServiceAccount = "svc-iom-vcf"
  3. Perform the configuration by running the command in the PowerShell console.

    Add-SddcManagerRole -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $domainFqdn -domainBindUser $domainBindUser -domainBindPass $domainBindPass -principal $iomVcfServiceAccount -role ADMIN -type user

Define a Custom Role in vSphere for Intelligent Operations Management for VMware Cloud Foundation

To integrate VMware Aria Operations with vSphere, you create a custom vSphere role with the required privileges in the vSphere client.

UI Procedure

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
  2. From the vSphere Client Menu, select Administration.
  3. In the left pane, select Access control > Roles.
  4. From the Roles provider drop-down menu, select vsphere.local.
  5. Create a role for VMware Aria Operations in vSphere.
    1. Click New.
    2. In the Role name text box, enter VMware Aria Operations to vSphere Integration.
    3. Configure the privileges, and click Create.

      Category                  Privilege
      ------------------------  ----------------------------------------------------
      Datastore                 Allocate space
                                Browse datastore
      Extension                 Register extension
                                Unregister extension
                                Update extension
      External stats provider   Register
                                Unregister
                                Update
      Global                    Global tag
                                Health
                                Manage custom attributes
                                Set custom attribute
                                System tag
      Host                      Inventory.Modify Cluster
      Performance               Modify intervals
      VM Storage policies       View VM storage policies
      Resource                  Assign virtual machine to resource pool
                                Migrate powered off virtual machine
                                Migrate powered on virtual machine
      Storage views             View
      Virtual machine           Change Configuration.Change CPU Count
                                Change Configuration.Change Memory
                                Change Configuration.Change Resource
                                Edit Inventory.Move
                                Edit Inventory.Remove
                                Guest Operations.Guest Operation alias modification
                                Guest Operations.Guest Operation alias query
                                Guest Operations.Guest Operation modifications
                                Guest Operations.Guest Operation program execution
                                Guest Operations.Guest Operation queries
                                Interaction.Power Off
                                Interaction.Power On
                                Interaction.Reset
                                Service configuration.Manage service configurations
                                Service configuration.Modify service configuration
                                Service configuration.Query service configurations
                                Service configuration.Read service configuration
                                Snapshot Management.Create Snapshot
                                Snapshot Management.Remove Snapshot
      vSphere stats privileges  Collect stats data
                                Modify stats configuration
                                Query stats data

PowerShell Procedure

  1. Start PowerShell.

  2. Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.

    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
    $sddcManagerUser = "[email protected]"
    $sddcManagerPass = "VMw@re1!"
    
    $sddcDomainName = "sfo-m01"
    
    $iomVsphereRoleName = "VMware Aria Operations to vSphere Integration"
  3. Perform the configuration by running the command in the PowerShell console.

    Add-vSphereRole -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -sddcDomain $sddcDomainName -roleName $iomVsphereRoleName
  4. In the dialog box that opens, navigate to the vSphereRoles folder and open the aria-operations-vsphere-integration.role file.

    The default path for the vSphereRoles folder is C:\Program Files\WindowsPowerShell\Modules\PowerValidatedSolutions\<powervalidatedsolutions_version>\vSphereRoles.

Configure Service Account Permissions for vSphere Integration for Intelligent Operations Management for VMware Cloud Foundation

To provide the necessary privileges to the service account for VMware Aria Operations to vSphere integration, you assign the custom role to the integration service account in vCenter Server.

UI Procedure

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
  2. From the vSphere Client Menu, select Administration.
  3. In the left pane, select Access control > Global permissions, and click Add.

  4. In the Add permission dialog box, configure the values for the VMware Aria Operations service account from your VMware Cloud Foundation Planning and Preparation Workbook, select the Propagate to children check box, and click OK.

PowerShell Procedure

  1. Start PowerShell.

  2. Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.

    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
    $sddcManagerUser = "[email protected]"
    $sddcManagerPass = "VMw@re1!"
    
    $sddcDomainName = "sfo-m01"
    
    $domainFqdn = "sfo.rainpole.io"
    $domainBindUser = "svc-vsphere-ad"
    $domainBindPass = "VMw@re1!"
    
    $iomVsphereRoleName = "VMware Aria Operations to vSphere Integration"
    $iomVsphereServiceAccount = "svc-iom-vsphere"
  3. Perform the configuration by running the command in the PowerShell console.

    Add-vCenterGlobalPermission -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -sddcDomain $sddcDomainName -domain $domainFqdn -domainBindUser $domainBindUser -domainBindPass $domainBindPass -principal $iomVsphereServiceAccount -role $iomVsphereRoleName -propagate true -type user

Create Virtual Machine and Template Folders for the VMware Aria Operations Appliances for Intelligent Operations Management for VMware Cloud Foundation

Create folders in the management domain to group objects of the same type for easier management. You create two virtual machine folders on the management domain vCenter Server to group the VMware Aria Operations appliances: one folder for the analytics cluster appliances and another folder for the VMware Cloud Proxy appliances.

UI Procedure

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui as [email protected].
  2. In the VMs and templates inventory, expand the management domain vCenter Server tree.

  3. In the VMs and templates inventory, navigate to the default management data center, right-click the data center, and select New folder > New VM and template folder.

  4. In the New folder dialog box, enter the folder name for the VMware Aria Operations analytics cluster virtual machines according to the VMware Cloud Foundation Planning and Preparation Workbook, and click OK.

  5. Repeat these steps for creating the virtual machine and template folder for the VMware Cloud Proxy appliances according to the values in your VMware Cloud Foundation Planning and Preparation Workbook.

PowerShell Procedure

  1. Start PowerShell.

  2. Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.

    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
    $sddcManagerUser = "[email protected]"
    $sddcManagerPass = "VMw@re1!"
    
    $sddcDomainName = "sfo-m01"
    
    $vmFolderOperations = "xint-m01-fd-operations"
    $vmFolderProxies = "sfo-m01-fd-operations"
  3. Perform the configuration by running the command in the PowerShell console.

    Add-VMFolder -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $sddcDomainName -folderName $vmFolderOperations
    
    Add-VMFolder -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $sddcDomainName -folderName $vmFolderProxies

Prepare the NSX to VMware Aria Operations Integration for Intelligent Operations Management for VMware Cloud Foundation

To integrate NSX with VMware Aria Operations, you create a certificate and private key and use them to configure a principal identity in NSX Manager.

UI Procedure

  1. Log in to SDDC Manager at <sddc_manager_fqdn>:22 as the vcf user by using a Secure Shell (SSH) client.
  2. Switch to the super user.
    su
  3. Create the certificate and private key.
    openssl req -newkey rsa:2048 -sha256 -x509 -days 365 -subj "/CN=nsx_local_manager_cluster_hostname" -extensions usr_cert -nodes -keyout nsx_local_manager_cluster_hostname.key -out nsx_local_manager_cluster_hostname.cer
    Note:

    You use the nsx_local_manager_cluster_hostname.key and nsx_local_manager_cluster_hostname.cer contents to create a principal identity in NSX Manager and create a credential in VMware Aria Operations.

  4. Log in to NSX Manager at https://<nsx_manager_fqdn>/login.jsp?local=true as admin.
  5. On the main navigation bar, click System.
  6. In the left pane, under Settings, click User Management.

  7. For NSX 3.2 or earlier, on the User management page, from the Add drop-down menu, select Principal identity with role.
  8. For NSX 4.1 or later, on the User management page, click Add principal identity.
  9. In the Certificate PEM text box, paste the contents of the nsx_local_manager_cluster_hostname.cer certificate file.
  10. Configure the remaining settings according to the values in your VMware Cloud Foundation Planning and Preparation Workbook and click Save.
  11. Repeat this procedure for each VI workload domain in the VMware Cloud Foundation instance.
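
Before you paste the certificate from step 3 into NSX Manager, you can confirm that the key file is readable only by its owner, that the key belongs to the certificate, and that the subject and remaining validity are what you expect. The following check is an added example and is not part of the VMware procedure; the script name, the 30-day default threshold and the use of GNU stat are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Pre-flight check for the
# certificate/key pair created in step 3. Assumes OpenSSL and GNU stat.

# check_pi_cert <cert> <key> <expected_cn> [min_days_left]
# Returns 0 only if every check passes; prints one line per failed check.
check_pi_cert() {
    local cert=$1 key=$2 want_cn=$3 min_days=${4:-30} rc=0
    local mode cert_pub key_pub cn

    # 1. -nodes writes the private key unencrypted, so file permissions
    #    are its only protection: owner-only access is required.
    mode=$(stat -c '%a' "$key" 2>/dev/null) || mode="missing"
    case "$mode" in
        600|400) ;;
        *) echo "FAIL: $key mode is $mode, expected 600 or 400"; rc=1 ;;
    esac

    # 2. The key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match certificate"; rc=1
    fi

    # 3. The subject CN must be the name you intended.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 2>/dev/null |
         sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
    if [ "$cn" != "$want_cn" ]; then
        echo "FAIL: subject CN is '$cn', expected '$want_cn'"; rc=1
    fi

    # 4. -days 365 means the certificate expires in a year; fail early when
    #    fewer than min_days remain so rotation can be scheduled.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: certificate expires within $min_days days (or is unreadable)"; rc=1
    fi

    return "$rc"
}

# Usage: ./check_pi_cert.sh <cert> <key> <expected_cn> [min_days_left]
if [ "$#" -ge 3 ]; then check_pi_cert "$@"; fi
```

Running the openssl command from step 3 under `umask 077` creates the key file with owner-only permissions, which satisfies the first check.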

PowerShell Procedure

  1. Start PowerShell.

  2. Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.

    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
    $sddcManagerUser = "[email protected]"
    $sddcManagerPass = "VMw@re1!"
    
    $sddcDomainName = "sfo-m01"
    
    $principalIdentity = "svc-iom-sfo-m01-nsx01"
  3. Perform the configuration by running the command in the PowerShell console.

    Add-NsxtPrincipalIdentity -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $sddcDomainName -principalId $principalIdentity -role enterprise_admin
  4. Repeat this procedure for each VI workload domain in the VMware Cloud Foundation instance.