To integrate VMware Aria Automation and VMware Aria Automation Orchestrator with vSphere, create custom vSphere roles in the vSphere Client with the required privileges.

UI Procedure

  1. Log in to the VI workload domain vCenter Server at https://<vi_workload_vcenter_server_fqdn>/ui as [email protected].

  2. From the vSphere Client menu, select Administration.

  3. In the left pane, select Access Control > Roles.

  4. From the Roles provider drop-down menu, select the Single Sign-On domain.

  5. Create a role for VMware Aria Automation in vSphere.

    1. Click New.

    2. In the Role name text box, enter VMware Aria Automation to vSphere Integration.

    3. Configure the privileges and click Create.

      Category

      Privilege

      Content Library

      		 Add library item

      Create local library

      Create subscribed library

      Delete library item

      Delete local library

      Delete subscribed library

      Download files

      Evict library item

      Evict subscribed library

      Probe subscription information

      Read storage

      Sync library item

      Sync subscribed library

      Type introspection

      Update configuration settings

      Update files

      Update library

      Update library item

      Update local library

      Update subscribed library

      View configuration settings

      Datastore

      Allocate space

      Browse datastore

      Low level file operations

      Datastore Cluster

      Configure a datastore cluster

      Folder

      Create folder

      Delete folder

      Global

      Manage custom attributes

      Set custom attribute

      Network

      Assign network

      Permissions

      Modify permission

      Profile-driven storage (Not available for VMware Cloud Foundation 5.x)

      Profile-driven storage view

      Resource

      Assign virtual machine to resource pool

      Migrate powered off virtual machine

      Migrate powered on virtual machine

      vApp

      Import

      vApp application configuration

      Virtual Machine

      Change Configuration.Add existing disk

      Change Configuration.Add new disk

      Change Configuration.Add or remove device

      Change Configuration.Advanced configuration

      Change Configuration.Change CPU count

      Change Configuration.Change Memory

      Change Configuration.Change Settings

      Change Configuration.Change Swapfile placement

      Change Configuration.Change resource

      Change Configuration.Extend virtual disk

      Change Configuration.Modify device settings

      Change Configuration.Remove Disk

      Change Configuration.Rename

      Change Configuration.Set annotation

      Change Configuration.Toggle disk change tracking

      Edit Inventory.Create from existing

      Edit Inventory.Create new

      Edit Inventory.Move

      Edit Inventory.Remove

      Interaction.Configure CD media

      Interaction.Connect devices

      Interaction.Console interaction

      Interaction.Install VMware Tools

      Interaction.Power off

      Interaction.Power on

      Interaction.Reset

      Interaction.Suspend

      Provisioning.Clone template

      Provisioning.Clone virtual machine

      Provisioning.Customize guest

      Provisioning.Deploy template

      Provisioning.Read customization specifications

      Snapshot management.Create snapshot

      Snapshot management.Remove snapshot

      Snapshot management.Revert to snapshot

      vSphere Tagging

      Assign or unassign vSphere tag

      Assign or unassign vSphere tag on object

      Create a vSphere tag

      Create a vSphere tag category

      Delete vSphere tag

      Delete vSphere tag category

      Edit vSphere tag

      Edit vSphere tag category

      Modify UsedBy field for category

      Modify UsedBy field for tag

  6. Create a role for VMware Aria Automation Orchestrator in vSphere.

    1. Select the Administrator role and click Clone.

    2. In the Clone role dialog box, enter VMware Aria Automation Orchestrator to vSphere Integration and click OK.

  7. Repeat the procedure for each isolated VI workload domain vCenter Server.

PowerShell Procedure

  1. Start PowerShell.

  2. Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.

    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
$sddcManagerUser = "[email protected]"
$sddcManagerPass = "VMw@re1!"

$sddcDomainName = "sfo-w01"

$assemblerVsphereRoleName = "VMware Aria Automation to vSphere Integration"
$orchestratorVsphereRoleName = "VMware Aria Automation Orchestrator to vSphere Integration"

  3. Define a custom role in vSphere for the VMware Aria Automation service account.

    1. Perform the configuration by running the command in the PowerShell console.

      Add-vSphereRole -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -sddcDomain $sddcDomainName -roleName $assemblerVsphereRoleName

    2. In the dialog box that opens, select the aria-automation-assembler-vsphere-integration.role file.

  4. Define a custom role in vSphere for the VMware Aria Automation Orchestrator service account.

    1. Perform the configuration by running the command in the PowerShell console.

      Copy-vSphereRole -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -sddcDomain $sddcDomainName -sourceRoleName Admin -targetRoleName $orchestratorVsphereRoleName

  5. Repeat the procedure for each isolated VI workload domain vCenter Server.