Logical Design for Private Cloud Automation for VMware Cloud Foundation

The logical design of vRealize Automation includes all the integrations of vRealize Automation with the supporting infrastructure, private cloud services, and external solutions, such as source control, IPAM, Kubernetes, Terraform, and configuration management. The networking, identity and access management, product configurations, and secure access must be carefully designed for seamless integrations between vRealize Automation and other components.

The vRealize Automation cluster is in the middle of the first VMware Cloud Foundation instance. vRealize Automation uses the NSX Load Balancer to connect to the other building blocks of the VMware Cloud Foundation instance, such as integration accounts, private cloud accounts, identity management , other access interfaces. vRealize Automation uses the NSX Load Balancer to also connect externally to public cloud accounts and o second VMware Cloud Foundation instance. — Figure 1. Logical Design of vRealize Automation

Table 1. Logical Components for vRealize Automation
Single VMware Cloud Foundation Instance with a Single Availability Zone	Single VMware Cloud Foundation Instance with Multiple Availability Zones	Multiple VMware Cloud Foundation Instances
A three-node vRealize Automation cluster with an NSX load balancer deployed on the cross-instance NSX segment in the management domain. A vSphere Distributed Resource Scheduler anti-affinity rule ensures that the vRealize Automation cluster virtual machines are not running on the same ESXi host.	A three-node vRealize Automation cluster with an NSX load balancer deployed on the cross-instance NSX segment in the management domain. A vSphere Distributed Resource Scheduler anti-affinity rule ensures that the vRealize Automation cluster virtual machines are not running on the same ESXi host. A vSphere Distributed Resource Scheduler VM/Host rule ensures that the vRealize Automation cluster virtual machines are running on an ESXi host group in the first availability zone of the management domain.	In the first VMware Cloud Foundation instance, a three-node vRealize Automation cluster with an NSX load balancer deployed on the cross-instance NSX segment in the management domain. A vSphere Distributed Resource Scheduler anti-affinity rule ensures that the vRealize Automation cluster virtual machines are not running on the same ESXi host.

User Access

vRealize Automation provides a UI and RESTful API for consuming vRealize Automation services.

Cloud Accounts

vRealize Automation can simplify the multi-cloud experience by deploying and managing resources in private cloud and public cloud services. Each supported type of infrastructure is represented by a cloud account.

Private cloud
Public cloud

You add VI workload domains from a VMware Cloud Foundation instance as vCenter Server and NSX-T cloud accounts into vRealize Automation. With these cloud accounts, you can connect VI workload domains into vRealize Automation to facilitate comprehensive cloud automation services.

Supporting Infrastructure

vRealize Automation integrates with the following supporting infrastructure:

DNS for providing name resolution for the vRealize Automation components.
NTP for providing time synchronization to the vRealize Automation components.
SMTP for sending email notifications from vRealize Automation.
Workspace ONE Access, connected to an identity provider, for example, Active Directory, for identity and access management.

Integration with NSX-T Data Center

The integration of vRealize Automation with NSX-T Data Center supports designing and authoring cloud templates by using the networking and security features of NSX-T Data Center. You can use NSX-T Data Center network constructs, such as segments, routing, load balancing, and security groups.

You can configure automated network provisioning as a part of the cloud template design instead of as a separate operation outside vRealize Automation.

Usage Model

vRealize Automation provides a usage model that includes interaction between the cloud automation services, the supporting infrastructure, and the provisioning infrastructure. The usage model of vRealize Automation contains the following elements and components in them:

Users

Cloud, tenant, group, infrastructure, service, and other administrators as defined by business policies and organizational structure. Cloud or tenant users in an organization can provision virtual machines and directly perform operations on them at the level of the operating system.

Cloud Templates

Cloud templates are infrastructure-as-code. Cloud Assembly provides the creation of cloud templates in a design canvas, YAML, or HCL (Terraform).

Images and Flavors

Image and flavor mappings simplify the cloud template creation while adding greater flexibility and customization.

An image mapping groups a set of predefined target machine images for a specific cloud account region in Cloud Assembly by using natural language naming.

A flavor mapping groups a set of target deployment sizes for a specific cloud account region in Cloud Assembly by using natural language naming.

Provisioning infrastructure

Private and public cloud resources which together form a hybrid cloud.

Private cloud resources are supported hypervisors and associated management tools.

Public cloud resources are supported cloud providers and associated APIs.

Cloud Assembly

Self-service capabilities for users to administer, provision, and manage workloads.

The default tenant uses the vRealize Automation administrator portal to set up and administer tenants and global configuration options.

A custom tenant uses the vRealize Automation tenant portal, which you access by appending a tenant identifier.

Service Broker

Aggregates native content from multiple clouds and platforms into a single catalog with role-based policies.

vRealize Orchestrator

Provides a standard set of plug-ins, including a plug-in for vCenter Server, with which you can orchestrate tasks in the different environments that the plug-ins expose.