After you implement the Private Cloud Automation for VMware Cloud Foundation validated solution, configure both monitoring and alerting for the VMware Aria Automation components in the VMware Cloud Foundation environment.

For validated monitoring solutions, see VMware Cloud Foundation Validated Solutions.

If VMware Aria Operations is integrated into your VMware Cloud Foundation system, you can use VMware Aria Operations to direct workload placement and assign the pricing policies for the monetary impact of deployments and their resources. You can also use VMware Aria Operations to display metrics, insights, optimization opportunities, and alerts in VMware Aria Automation.

Additionally, you can activate the native integration to VMware Aria Automation from VMware Aria Operations to provide the ability to monitor the health, efficiency, and capacity risks associated with VMware Aria Automation. You can use the integration to:
  • View the performance and health of VMware Aria Automation objects in VMware Aria Operations.

  • Troubleshoot vSphere, vSAN, and NSX issues associated with VMware Aria Automation cloud accounts.

Table 1. Design Decisions on Monitoring and Alerting for Private Cloud Automation

Decision ID: PCA-VAA-MON-001

Design Decision: Configure the VMware Aria Automation integration in VMware Aria Operations.

Design Justification:

  • Provides the ability to share common constructs, such as cloud accounts, cloud zones, and projects, across VMware Aria Operations and VMware Aria Automation.

  • Provides the ability to understand the deployment cost.

    • Evaluate upfront costs on VMware Aria Automation.

    • Monitor ongoing costs per virtual machine, deployment, or project.

Design Implication: You must manage the password life cycle of this endpoint.

Decision ID: PCA-VAA-MON-002

Design Decision: Configure the VMware Aria Automation integration in VMware Aria Operations to use the default collector group.

Design Justification: Cross-instance components are configured to use the default collector group.

Design Implication: The load on the analytics cluster, though minimal, increases.

Decision ID: PCA-VAA-MON-003

Design Decision: Add an integration in VMware Aria Automation Assembler for VMware Aria Operations deployment.

Design Justification:

  • You can use data from VMware Aria Operations in VMware Aria Automation to display live vSphere-based virtual machine metrics for CPU, memory, storage IOPS, and network MBps after placement. Metrics for the past day, week, or month are available.

  • You can use data from VMware Aria Operations in VMware Aria Automation to apply and display the cost estimation at the time of deployment and over time.

Design Implication:

  • When configuring the integration, you must use a service account that is created for application-to-application integration for VMware Aria Automation to VMware Aria Operations.

  • When the service account password is updated, you must manage the service account password in the integration configuration.

  • You must configure VMware Aria Operations with VMware Aria Automation to ensure that both applications are set to the same time zone. VMware Aria Automation uses only UTC.

  • You must configure VMware Aria Operations with a currency setting to consume the VMware Aria Operations cost engine for VMware Aria Automation cost estimation.

  • The VMware Aria Operations integration is not used for workload placement in this design. The integration does not support resource pools in vCenter Server or vSAN datastores for workload placement.

  • Project costs include only the costs for private cloud workloads. If a project contains deployments that belong to public clouds, the costs for these deployments are not included in the project cost.

Decision ID: PCA-VAA-MON-004

Design Decision: Use the ADVANCED placement policy for each VMware Aria Automation cloud zone that is monitored by VMware Aria Operations.

Design Justification: By default, the workload placement evaluation uses the VMware Aria Operations recommendation.

Design Implication:

  • You must integrate VMware Aria Automation with VMware Aria Operations in VMware Aria Automation Assembler.

  • The ADVANCED option for VMware Aria Operations does not support workload placement when resource pools in vCenter Server for workload placement are in use. If resource pools must be activated in a workload domain, the workload placement falls back to the DEFAULT placement policy. By default, all vSphere clusters have the vSphere Distributed Resource Scheduler activated to optimize initial and ongoing workload placement within a cluster.

Decision ID: PCA-VAA-MON-005

Design Decision: Add a Ping adapter for the VMware Aria Automation cluster nodes.

Design Justification: Provides metrics on the availability of VMware Aria Automation nodes.

Design Implication: You must add the adapter instances manually.

To activate the VMware Aria Operations direct integration with VMware Aria Automation, you configure the account associated with VMware Aria Automation.

Table 2. Design Decision on Service Accounts for Monitoring and Alerting for Private Cloud Automation

Design Decision ID: PCA-VAA-MON-006

Design Decision: Assign the Organization Owner default role and the Assembler administrator service role to an enterprise directory service account user for the application-to-application communication from VMware Aria Operations to VMware Aria Automation.

Design Justification: Provides the following access control features:

  • VMware Aria Operations accesses VMware Aria Automation with the minimum set of required permissions for the integration.

  • If there is a compromised account, the accessibility in the destination application remains restricted.

  • You can introduce improved accountability in tracking request-response interactions between the VMware Aria Operations and VMware Aria Automation integration.

Design Implication: None.

Design Decision ID: PCA-VAA-MON-007

Design Decision: Assign the ReadOnly role to an Active Directory user account as an integration account for the application-to-application communication from VMware Aria Automation to VMware Aria Operations.

Design Justification: Provides the following access control features:

  • VMware Aria Automation integrates VMware Aria Operations with the minimum set of required permissions.

  • If there is a compromised account, the accessibility in the destination application remains restricted.

  • You can introduce improved accountability in tracking request-response interactions between the VMware Aria Automation and VMware Aria Operations.

Design Implication:

  • You must maintain the life cycle, availability, and security controls for the account in Active Directory.

  • You must maintain the synchronization and availability of the service account in Workspace ONE Access and VMware Aria Operations.

  • You must use the format of user@domain@source when configuring the integration to use a service account backed by Workspace ONE Access. For example, svc-vra-vrops@sfo.rainpole.io@WorkspaceONE.

Important:

This solution is based on Active Directory over LDAP with SSL as the identity provider, accessed through Workspace ONE Access.

If Active Directory Federation Services (ADFS) is used as an identity provider for VMware Aria Operations, VMware Aria Automation cannot authenticate to VMware Aria Operations. A limitation exists for API-based logins to a system that uses a third-party identity provider, for example, ADFS with Workspace ONE Access: the user name and password cannot be sent over SAML to the identity provider for authentication.
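
The service account decisions in Table 2, the user@domain@source format, and the ADFS limitation can be checked against an exported list of integration accounts. The following Python check is an added example, not VMware code; the record schema (decision, account, roles, operations_idp) and the sample inventory are constructed for illustration, and it assumes the PCA-VAA-MON-007 account is always backed by Workspace ONE Access.

```python
import re

# Roles each integration account should hold, taken from Table 2 on this page.
EXPECTED_ROLES = {
    "PCA-VAA-MON-006": {"Organization Owner", "Assembler administrator"},
    "PCA-VAA-MON-007": {"ReadOnly"},
}

# user@domain@source, for example svc-vra-vrops@sfo.rainpole.io@WorkspaceONE
ACCOUNT_FORMAT = re.compile(r"[^@\s]+@[^@\s]+@[^@\s]+")


def audit(record):
    """Return findings for one record; the record schema is hypothetical."""
    decision = record["decision"]
    if decision not in EXPECTED_ROLES:
        return [f"unknown decision ID: {decision}"]
    findings = []
    assigned, expected = set(record["roles"]), EXPECTED_ROLES[decision]
    for role in sorted(assigned - expected):
        findings.append(f"role beyond the design decision: {role}")
    for role in sorted(expected - assigned):
        findings.append(f"required role missing: {role}")
    if decision == "PCA-VAA-MON-007":
        # Checks specific to the Automation-to-Operations integration account.
        if not ACCOUNT_FORMAT.fullmatch(record["account"]):
            findings.append("account not in user@domain@source format")
        if record.get("operations_idp") == "ADFS":
            findings.append("ADFS identity provider: API login will fail")
    return findings


# Constructed inventory: account names other than the page's example are made up.
INVENTORY = [
    {"decision": "PCA-VAA-MON-006", "account": "svc-vrops-vra@sfo.rainpole.io",
     "roles": ["Organization Owner", "Assembler administrator"]},
    {"decision": "PCA-VAA-MON-007",
     "account": "svc-vra-vrops@sfo.rainpole.io@WorkspaceONE",
     "roles": ["ReadOnly"], "operations_idp": "Active Directory over LDAP"},
    {"decision": "PCA-VAA-MON-007", "account": "svc-vra-vrops@sfo.rainpole.io",
     "roles": ["Administrator"], "operations_idp": "ADFS"},
]

if __name__ == "__main__":
    for rec in INVENTORY:
        for finding in audit(rec) or ["compliant"]:
            print(f"{rec['decision']} {rec['account']}: {finding}")
```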

Prerequisites

Verify that VMware Aria Operations is deployed and operational in a logical environment in VMware Cloud Foundation mode, using the corresponding VMware Aria Suite Lifecycle instance.