You reuse or create a cross-instance environment in VMware Aria Suite Lifecycle and deploy the VMware Aria Operations analytics cluster and VMware Cloud Proxy appliances.
Prerequisites
Prerequisite |
Value |
---|---|
Environment |
|
Software |
Verify that the VMware Aria Operations and VMware Cloud Proxy product binaries are available. |
License |
Verify that you obtained the VMware Aria Suite or VMware Aria Operations license with a quantity that fulfills the requirements of this design. |
Active Directory |
|
Workspace ONE Access |
Verify that the required Active Directory directories are configured with Active Directory over LDAPS. This configuration ensures that the Active Directory users and groups for use by VMware Aria Operations are synchronized to the clustered Workspace ONE Access deployment. |
Certificate Authority |
This solution uses Microsoft Active Directory Certificate Services for Certificate Authority and the PowerShell Module for VMware Validated Solutions to generate the required certificates. However, this mosule also supports generating certificate signing requests (CSRs) for third party certificate authorities for import to the VMware Aria Suite Lifecycle locker.
|
Import the VMware Aria Operations OVA to vSphere Content Library for Intelligent Operations Management for VMware Cloud Foundation
To deploy VMware Aria Operations by using VMware Aria Suite Lifecycle, you must first import the VMware Aria Operations OVAs into your operational management vSphere Content library.
Procedure
You import the VMware Aria Operations OVA and the VMware Cloud Proxy OVA.
- Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
- From the vSphere Client drop-down menu, select Content libraries.
- On the Content libraries page, click your library for operational management.
- In the left pane, click OVF & OVA templates.
- Import the VMware Aria Operations OVA.
- From the Actions drop-down menu, select Import item.
- In the Import library item dialog box, select Local file and click Upload files.
- Navigate to the VMware Aria Operations OVA and click Open.
- In the Import library item dialog box, click Import and wait for the process to complete.
- Repeat the previous step to import the VMware Cloud Proxy OVA.
Add the VMware Aria Operations License to VMware Aria Suite Lifecycle for Intelligent Operations Management for VMware Cloud Foundation
You can license VMware Aria Operations individually or as part of VMware Aria Suite. If you have not added the VMware Aria Suite license to VMware Aria Suite Lifecycle as part of another solution, you can add the license to the VMware Aria Suite Lifecycle locker before deploying VMware Aria Operations. Alternatively, during the deployment, you can add the license.
Procedure
- Log in to VMware Aria Suite Lifecycle at https://<aria_suite_lifecycle_fqdn> as vcfadmin@local.
- On the My services page, click Locker.
-
In the navigation pane, click Licenses.
-
To add the license manually, click Add license manually, enter the VMware Aria Suite or VMware Aria Operations license alias and key.
-
Click Validate.
-
After successful validation, click Add.
Generate the Certificate for VMware Aria Operations and Import it in VMware Aria Suite Lifecycle for Intelligent Operations Management for VMware Cloud Foundation
To prepare VMware Aria Suite Lifecycle for deploying VMware Aria Operations, you must generate an SSL certificate using the PowerShell module for VMware Validated Solutions and add the certificate to the VMware Aria Suite Lifecycle locker.
Procedure
- Generate an SSL certificate for VMware Aria Operations by using the PowerShell module for VMware Validated Solutions.
-
Start PowerShell.
- Replace the values in the variables below and run the commands.
$commonName = "xint-ops01.rainpole.io" $subjectAltNames = "xint-ops01.rainpole.io, xint-ops01a.rainpole.io, xint-ops01b.rainpole.io, xint-ops01c.rainpole.io, sfo-ops-pxy01a.sfo.rainpole.io, sfo-ops-pxy01b.sfo.rainpole.io" $encryptionKeySize = 2048 $certificateExpiryDays = 730 $orgName = "rainpole" $orgUnitName = "Platform Engineering" $orgLocalityName = "San Francisco" $orgStateName = "California" $orgCountryCode = "US" $caType = "msca" $caFqdn = "rpl-ad01.rainpole.io" $caUsername = "Administrator" $caPassword = "VMw@re1!" $caTemplate = "VMware" $outputPath = ".\certificates\" $csrFilePath = Join-Path $outputPath "$commonName.csr" $keyFilePath = Join-Path $outputPath "$commonName.key" $crtFilePath = Join-Path $outputPath "$commonName.crt" $rootCaFilePath = Join-Path $outputPath "$caFqdn-rootCa.pem"
-
Perform the configuration by running the command in the PowerShell console.
Invoke-GeneratePrivateKeyAndCsr -outDirPath $outputPath -commonName $commonName -subjectAlternativeNames $subjectAltNames -keySize $encryptionKeySize -expireDays $certificateExpiryDays -organization $orgName -organizationUnit $orgUnitName -locality $orgLocalityName -state $orgStateName -country $orgCountryCode Invoke-RequestSignedCertificate -caFqdn $caFqdn -csrFilePath $csrFilePath -outDirPath $outputPath -certificateAuthority $caType -username $caUsername -password $caPassword -certificateTemplate $caTemplate -getCArootCert Invoke-GenerateChainPem -outDirPath $outputPath -keyFilePath $keyFilePath -crtFilePath $crtFilePath -rootCaFilePath $rootCaFilePath
-
- Add the new SSL certificate to the VMware Aria Suite Lifecycle locker.
- Log in to VMware Aria Suite Lifecycle at https://<aria_suite_lifecycle_fqdn> as vcfadmin@local.
- On the My services page, click Locker.
- In the navigation pane, click Certificates.
- On the Certificates page, click Import.
- On the Import certificate page, enter a name for the VMware Aria Operations certificate according to your VMware Cloud Foundation Planning and Preparation Workbook.
- Click Browse file, navigate to the VMware Aria Operations certificate file (.pem), and click Open.
- On the Import certificate page, click Import.
Add the VMware Aria Operations Password to VMware Aria Suite Lifecycle for Intelligent Operations Management for VMware Cloud Foundation
Before deploying VMware Aria Operations by using VMware Aria Suite Lifecycle, you must add the password for the VMware Aria Operations appliance root user to the VMware Aria Suite Lifecycle locker. Additionally, if you have not created the VMware Aria Suite Lifecycle cross-instance environment as part of another validated solution, before creating the cross-instance environment for VMware Aria Operations, you must add the password for the environment admin account to the locker.
VMware Aria Suite Lifecycle uses the VMware Aria Operationsroot password only for the VMware Aria Operations deployment. After deploying VMware Aria Operations in a VMware Aria Suite Lifecycle logical environment in VMware Cloud Foundation mode, the root password for the VMware Aria Operations appliances is managed by SDDC Manager. See Password Management Design for VMware Aria Operations for Intelligent Operations Management for VMware Cloud Foundation.
If you have a VMware Aria Automation implementation in your VMware Cloud Foundation environment as another validated solution, you already added the admin password for the VMware Aria Suite Lifecycle cross-instance environment.
Procedure
- Log in to VMware Aria Suite Lifecycle at https://<aria_suite_lifecycle_fqdn> as vcfadmin@local.
- On the My services page, click Locker.
In the navigation pane, click Passwords.
On the Passwords page, click Add.
On the Add password page, configure the VMware Aria Operationsroot password according to your VMware Cloud Foundation Planning and Preparation Workbook and click Add.
If you have not integrated VMware Aria Automation as another validated solution, repeat the procedure for the admin password for the VMware Aria Suite Lifecycle cross-instance environment.
Deploy VMware Aria Operations by Using VMware Aria Suite Lifecycle for Intelligent Operations Management for VMware Cloud Foundation
Configure the deployment for VMware Aria Operations in a VMware Aria Suite Lifecycle logical environment in VMware Cloud Foundation mode.
Procedure
- Log in to VMware Aria Suite Lifecycle at https://<aria_suite_lifecycle_fqdn> as vcfadmin@local.
- On the My services page, click Lifecycle operations.
- Add the Load Balancer for VMware Aria Operations.
In the left pane, click Settings and click the Load Balancer card.
On the Load Balancer page, click Add Load Balancer.
-
In the Add Load Balancer dialog box, configure the following setting, configure the remaining settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Add.
Setting
Value
Controller type
VMware Cloud Foundation managed NSX-T
Reuse or create the cross-instance environment.
If you have a VMware Aria Automation implementation in your VMware Cloud Foundation environment as another validated solution, in the left navigation pane, click Environments, in the card of the cross-instance environment with VMware Aria Automation , click the horizontal ellipsis, and select Add product.
If you do not have a VMware Aria Automation implementation in your VMware Cloud Foundation environment as another validated solution, in the left navigation pane, click Create environment, configure the following settings, configure the remaining settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Next.
Setting
Value
Activate SDDC Manager integration
Enabled
JSON configuration
Disabled
Join the VMware Customer Experience Improvement Program
Selected
Note:When you activate the VMware Cloud Foundation mode, you initialize the creation of the NSX load balancer for VMware Aria Operations and you ensure the password management and the product visibility in SDDC Manager.
On the Select product page, select the check box for VMware Aria Operations , configure the settings, and click Next.
Setting
Value
Installation type
New install
Version
Select the compatible version for the corresponding VMware Cloud Foundation release.
Deployment type
Medium
Node count
3
On the End user license agreement page, agree to license agreement, and click Next.
On the License page, select or manually add the VMware Aria Suite or VMware Aria Operations license, click Validate association, and click Next.
To select the license from the locker, click Select, select the license alias and click Update, click Validate Association.
To add the license manually, click Add, enter the license alias and key, click Validate, and click Add.
On the Certificate page, from the Select certificate drop-down menu, select the appropriate certificate for VMware Aria Operations and click Next.
On the Infrastructure page, configure the following settings, configure the remaining settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Next.
Setting
Value
Select resource pool
n/a
Select disk mode
Thin
Use content library
Enabled
Note:The resource pool setting is applicable for VMware Cloud Foundation consolidated management consumption model.
On the Binary Mapping page, click Select content library item , click the check box next to VMware Aria Operations and the Cloud Proxy from the list and click Select.
Map the right product to the content libaray item from the drop down and click Next.
On the Network page, review the settings and click Next.
On the Products page, in the Product properties section, configure the following settings, configure the remaining settings according to your VMware Cloud Foundation Planning and Preparation Workbook.
Setting
Value
Deactivate TLS version
TLSv1, TLSv1.1
Anti-affinity / affinity rule
Selected
DRS Anti-Affinity Rules Types
Selected (Keep virtual machines in seperate hosts)
In the Cluster virtual IP panel, select VMware Cloud Foundation managed NSX-T from the Controller Type drop down, select the FQDN from the drop down which was added earlier as part of the add Load Balancer procedure.
Configure the VMware Aria Operations primary node.
In the master panel, enter your values from the VMware Cloud Foundation Planning and Preparation Workbook.
On the right side of the master panel, click the Advanced configuration icon.
In the Storage extension text box, enter the name of the datastore according to your value in the VMware Cloud Foundation Planning and Preparation Workbook.
Under Default properties, from the Time zone drop-down menu, select UTC and click Save.
Configure the VMware Aria Operations replica node.
In the replica panel, enter your values from the VMware Cloud Foundation Planning and Preparation Workbook.
On the right side of the replica panel, click the Advanced configuration icon.
In the Storage extension text box, enter the name of the datastore according to your value in the VMware Cloud Foundation Planning and Preparation Workbook and click Save.
Configure the VMware Aria Operations data node.
In the data panel, enter your values from the VMware Cloud Foundation Planning and Preparation Workbook.
On the right side of the replica panel, click the Advanced configuration icon.
In the Storage extension text box, enter the name of the datastore according to your value in the VMware Cloud Foundation Planning and Preparation Workbook and click Save.
Above the master panel with the primary node configuration, in the Components panel, click the Add component icon and select Cloud Proxy.
Configure the first VMware Cloud Proxy for VMware Aria Operations appliance.
In the vrops-cloudproxy panel, from the Node size drop-down menu, select Small, and configure the settings according to your values in the VMware Cloud Foundation Planning and Preparation Workbook.
On the right side of the vrops-cloudproxy panel, click the Advanced configuration icon.
Under Infrastructure, configure the following settings, configure the remaining settings according to your VMware Cloud Foundation Planning and Preparation Workbook.
Setting
Value
Select resource pool
N/A
Select disk mode
Thin
Under Default properties, from the Time zone drop-down menu, select UTC and click Save.
Repeat step 17 to add the second VMware Cloud Proxy.
In the vrops-cloudproxy-2 panel, repeat step 18 for the second cloud proxy according to your values in the VMware Cloud Foundation Planning and Preparation Workbook.
Click Next.
On the Precheck page, click Run precheck.
After all prechecks finish with a Passed messages and click Next.
On the Summary page, review the configuration details.
- (Optional) To save the deployment configuration, click Export configuration.
Click Submit.
On the Request details page, monitor the deployment progress until all stages become Completed.
Activate Data Persistence on the VMware Cloud Proxy Appliances for Intelligent Operations Management for VMware Cloud Foundation
You activate data persistence to activate the ability to store data in case of network connectivity issues. You activate data persistence per cloud proxy appliance.
UI Procedure
- Log in to the VMware Aria Operations interface at https://<aria_operations_fqdn> with a user assigned the Administrator role.
- In the navigation pane, select .
- Activate data persistence for the VMware Cloud Proxy appliances.
- Select the first VMware Cloud Proxy appliance, click the vertical ellipsis and click Activate data persistence.
- In the Activate data persistence for selected items dialog box, click OK.
- Repeat this step the remaining VMware Cloud Proxy appliance.
Move the VMware Aria Operations Appliances to the Dedicated Folders for Intelligent Operations Management for VMware Cloud Foundation
Move the VMware Aria Operations analytics cluster and VMware Cloud Proxy appliances to the dedicated virtual machine and template folders that you previously created.
Procedure
- Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
- In the VMs and templates inventory, expand the management domain vCenter Server tree and expand the management domain data center.
Right-click the first node of the VMware Aria Operations cluster and select Move to folder.
In the Move to folder dialog box, select the folder created for VMware Aria Operations analytics cluster virtual machine as per the VMware Cloud Foundation Planning and Preparation Workbook and click OK.
Repeat these steps for each of the remaining VMware Aria Operations analytics cluster virtual machines.
Repeat these steps for each VMware Aria Operations VMware VMware Cloud Proxy appliance to move it to the dedicated folder for the VMware Cloud Proxy for VMware Aria Operations appliances.
Configure vSphere DRS Anti-Affinity Rules for the VMware Aria Operations Appliances for Intelligent Operations Management for VMware Cloud Foundation
To protect the VMware Aria Operations appliances from an ESXi host-level failure, configure vSphere DRS to run the VMware Cloud Proxy appliances on different ESXi hosts in the default management vSphere cluster.
You create a anti-affinity rule for the VMware Aria Operations VMware Cloud Proxy appliances. This rule configuration also accommodates the case when you place a host from the default management vSphere cluster in maintenance mode.
Procedure
- Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
- In the Hosts and clusters inventory, expand the management domain vCenter Server tree and expand the management domain data center.
Select the default management vSphere cluster and click the Configure tab.
In the left pane, select Add VM/Host rule.
and click-
Configure the following settings, enter your values for the cloud proxy rule from the VMware Cloud Foundation Planning and Preparation Workbook, and click OK.
Setting
Value
Enable rule
Selected
Type
Separate virtual machines
Create a VM Group and Define the Startup Order of the VMware Aria Operations Analytics Cluster Appliances for Intelligent Operations Management for VMware Cloud Foundation
By using VM groups, you can define the startup order of appliances. The startup order you define ensures that vSphere HA powers on the clustered Workspace ONE Access appliances before the VMware Aria Operations analytics cluster appliances.
Procedure
- Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
- In the Hosts and clusters inventory, expand the management domain vCenter Server tree and expand the management domain data center.
Select the default management vSphere cluster and click the Configure tab.
Create a virtual machine group for the VMware Aria Operations analytics cluster virtual machines.
In the left pane, select Add VM/Host group.
and clickFrom the Type drop-down menu, select VM group.
Enter your values from the VMware Cloud Foundation Planning and Preparation Workbook and click OK.
Create a rule to power on the clustered Workspace ONE Access virtual machines before the VMware Aria Operations analytics cluster virtual machines.
In the left pane, select Add VM/Host rule.
and clickConfigure the following settings, enter your values from the VMware Cloud Foundation Planning and Preparation Workbook, and click OK.
Setting
Value
Enable rule
Selected
Type
Virtual machines to virtual machines
Create a VM Group and Define the Startup Order of the VMware Aria Operations Cloud Proxy Appliances for Intelligent Operations Management for VMware Cloud Foundation
Create a VM group for the VMware Aria Operations Cloud Proxy appliances and define start up order to ensures that vSphere HA powers on the VMware Aria Operations analytics cluster appliances before the VMware Aria Operations Cloud Proxy appliances.
Procedure
- Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
- In the Hosts and clusters inventory, expand the management domain vCenter Server tree and expand the management domain data center.
Select the default management vSphere cluster and click the Configure tab.
Create a virtual machine group for the VMware Aria Operations Cloud Proxy appliances.
In the left pane, select Add VM/Host group.
and clickFrom the Type drop-down menu, select VM group.
Enter your values from the VMware Cloud Foundation Planning and Preparation Workbook and click OK.
Create a rule to power on the VMware Aria Operations analytics cluster virtual machines before the VMware Cloud Proxy appliances.
In the left pane, select Add VM/Host rule.
and clickConfigure the following settings, enter your values from the VMware Cloud Foundation Planning and Preparation Workbook, and click OK.
Setting
Value
Enable rule
Selected
Type
Virtual machines to virtual machines
Add the VMware Aria Operations Appliances to the First Availability Zone VM Group for Intelligent Operations Management for VMware Cloud Foundation
If the management domain is configured with two availability zones, to provide failover to the second availability zone, move the VMware Aria Operations appliances to the VM group for the first availability zone. The virtual machine write operations are performed synchronously across both availability zones and each availability zone has a copy of the data.
Procedure
- Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
- In the Hosts and clusters inventory, expand the management domain vCenter Server tree and expand the management domain data center.
Select the default management vSphere cluster and click the Configure tab.
In the left pane, select
.Select the VM group for the first availability zone according to your value in the VMware Cloud Foundation Planning and Preparation Workbook and click Add VM/Host group members.
In the Add group member dialog box, select the virtual machines of the VMware Aria Operations analytics cluster and VMware Cloud Proxy appliances, and click OK.
Group the VMware Cloud Proxy Appliances for Intelligent Operations Management for VMware Cloud Foundation
Join the VMware Cloud Proxy for VMware Aria Operations appliances in a collector group for adapter resiliency in case a VMware Cloud Proxy experiences network interruption or becomes unavailable.
Procedure
- Log in to the VMware Aria Operations interface at https://<aria_operations_fqdn> with a user assigned the Administrator role.
In the navigation pane, click Administration > Cloud proxies.
Click Collector Groups tab.
Click Add, configure the settings according to your values in the VMware Cloud Foundation Planning and Preparation Workbook, and click Save.
Synchronize the Active Directory Groups for VMware Aria Operations in Workspace ONE Access for Intelligent Operations Management for VMware Cloud Foundation
Before you configure identity and access management for VMware Aria Operations, you must synchronize the Active Directory users and groups for use by VMware Aria Operations to the clustered Workspace ONE Access instance.
You synchronize the following Active Directory groups:
Admin
Content Admin
Read Only
Procedure
- Log in to the clustered Workspace ONE Access deployment at https://<clustered_workspace_one_access_fqdn>/admin with a user assigned the administrator role.
On the main navigation bar, click Identity & Access management.
Click the Directories tab and select your directory name.
On the Settings tab, click Sync settings.
Click the Groups tab.
Under Groups to sync, click Select.
In the Select the Active Directory group DNs dialog box, select the Active Directory group names according to your values in the VMware Cloud Foundation Planning and Preparation Workbook.
Click Save and click Save and sync.
To initialize the directory import, click Sync directory.
Configure User Access in VMware Aria Operations for Intelligent Operations Management for VMware Cloud Foundation
To ensure that users log in with required role-based access controls, you configure the identity source groups that are synchronized in the clustered Workspace ONE Access deployment for VMware Aria Operations.
You assign the Administrator, ContentAdmin, and ReadOnly roles to the corresponding Active Directory groups according to your values in the VMware Cloud Foundation Planning and Preparation Workbook.
Procedure
- Log in to the VMware Aria Operations interface at https://<aria_operations_fqdn> with a user assigned the Administrator role.
In the navigation pane, click
.- On the Control panel page, click Access control.
- Click the User groups tab and, from the ellipsis drop-down menu, select Import from source.
- In the Import user groups dialog box, from the Import from drop-down menu, select the vIDMAuthSource - VMware Identity Manager instance as an authentication source.
- In the Domain name text box, enter the domain name.
In the Search prefix text box, enter the name of the Active Directory group for the Administrator role according to your values in the VMware Cloud Foundation Planning and Preparation Workbook and click Search.
- Select the group and click Finish.
- Click the vertical ellipsis for the group and, from the drop-down menu, select Edit.
- On the Edit user group page, in the Assign roles and scope section, configure the following settings and click Save.
Setting
Value
Role
Administrator
Scope
All objects
- Repeat this procedure for the ContentAdmin and the ReadOnly roles.
Set the Currency for Cost Calculation in VMware Aria Operations for Intelligent Operations Management for VMware Cloud Foundation
Set the currency unit that is used for all cost calculations in VMware Aria Operations.
Procedure
- Log in to the VMware Aria Operations interface at https://<aria_operations_fqdn> with a user assigned the Administrator role.
- In the navigation pane, select .
On the Global settings page, click Cost / price.
- Locate the Currency setting and click Set currency.
In the Set currency dialog box, select the target currency according to your value in the VMware Cloud Foundation Planning and Preparation Workbook.
- At the bottom of the Set currency dialog box, select the I understand that once my currency is set it can NOT be changed again for this installation check box and click Set currency.
- In the Info dialog box, click OK.
Configure Email Alert Plug-in Settings for VMware Aria Operations for Intelligent Operations Management for VMware Cloud Foundation
Configure email notifications in VMware Aria Operations, so that users receive administrative alerts from VMware Aria Operations about certain situations in the data center.
Procedure
- Log in to the VMware Aria Operations interface at https://<aria_operations_fqdn> with a user assigned the Administrator role.
In the navigation pane, select
.- On the Configurations page, click Outbound settings.
- On the Outbound settings tab, click Add.
In the Create new outbound instance page, configure the settings, configure the remaining settings according to the values in your VMware Cloud Foundation Planning and Preparation Workbook.
Setting
Value
Plug-in type
Standard Email Plugin
Use secure connection
Selected
Secure connection type
TLS
- To verify the connection with the SMTP server, click Test and click OK.
- In the Validate connection dialog box, click OK.
- Click Save.