You can minimally configure VMware Tanzu Application Service for VMs (TAS for VMs) for evaluation or testing purposes. It does not include optional configurations such as external databases or external file storage.

For production deployments, VMware recommends following the procedure starting with Prerequisites.

Prerequisites

Before you begin, ensure that you have successfully completed the steps to prepare your environment for Operations Manager and install and configure the BOSH Director.

Add TAS for VMs to VMware Tanzu Operations Manager

To add TAS for VMs to Tanzu Operations Manager:

  1. If you have not already downloaded TAS for VMs, log in to Broadcom Support and click VMware Tanzu Application Service for VMs.

  2. From the Releases drop-down menu, select the release to install and choose one of the following:

  3. Click VMware Tanzu Application Service for VMs to download the TAS for VMs .pivotal file.
  4. Click Small Footprint TAS for VMs to download the Small Footprint TAS for VMs .pivotal file.

  5. Go to the Tanzu Operations Manager Installation Dashboard.

  6. Click Import a Product to add your tile to Tanzu Operations Manager. For more information, see Adding and Deleting Products.

  7. Click the TAS for VMs tile.

Configure TAS for VMs

To install TAS for VMs with minimal configuration:

  1. Follow the procedure in Assign AZs and Networks in Add TAS for VMs to Tanzu Operations Manager.

  2. Follow the procedure in Configure Domains.

  3. Select Networking.

  4. Under Certificates and private keys for the Gorouter, you must provide at least one certificate and private key name and certificate key pair for the Gorouter. The Gorouter is activated to receive TLS communication by default. You can configure multiple certificates for the Gorouter.

    Important When providing custom certificates, enter them in this order: wildcard, Intermediate, CA. For more information, see Creating a .pem File for SSL Certificate Installations in the DigiCert documentation.

    Click Add to add a name for the certificate chain and its private key pair. This certificate is the default used by the Gorouter. You can either provide a certificate signed by a Certificate Authority (CA) or click Generate RSA Certificate to generate a self-signed certificate in Tanzu Operations Manager.

    If you configured Tanzu Operations Manager Front End without a certificate, you can use this new certificate to complete your Tanzu Operations Manager configuration. To configure your Tanzu Operations Manager Front End certificate, see Configure Front End in Preparing to Deploy Tanzu Operations Manager on GCP.

    Ensure that you add any certificates that you generate in this pane to your infrastructure load balancer.

Setting appropriate ASGs is critical for a secure deployment.

Follow these steps to set ASGs:

  1. Select App Security Groups.
  2. Acknowledge You are responsible for setting the appropriate ASGs after TAS for VMs finishes deploying.
  3. Click Save.

    For more information about ASGs, see App Security Groups and Restricting app access to internal TAS for VMs components.

  4. Under SAML service provider credentials, enter a certificate and private key for the User Account and Authentication (UAA) server to use as a SAML service provider for signing outgoing SAML authentication requests. You can provide an existing certificate and private key from your trusted CA or generate a self-signed certificate. The domain *.login.SYSTEM-DOMAIN must be associated with the certificate, where SYSTEM-DOMAIN is the system domain you configured in the Domains pane.

    Important The Single Sign-On for VMware Tanzu service and Spring Cloud Services for VMware Tanzu tiles require the *.login.SYSTEM-DOMAIN.

  1. Select UAA.

  2. If the private key specified under SAML service provider credentials is password-protected, enter the password in Private key password.

  3. Select CredHub.

  4. Under Internal encryption provider keys, specify one or more keys to use for encrypting and decrypting the values stored in the CredHub database:

    • Name: This is the name of the encryption key.
    • Key: This key is used for encrypting all data. The key must be at least 20 characters long.
  5. Primary: This check box is used for marking the key you specified as the primary encryption key. You must mark one key as Primary. Do not mark more than one key as Primary.

  6. Go to the Internal MySQL pane.

  7. In the Email address field, enter the email address where the MySQL service sends alerts when the cluster experiences a replication issue or when a node is not allowed to auto rejoin the cluster.

  8. Select Resource Config.

  9. In the Resource Config pane, you must associate load balancers with the VMs in your deployment to activate traffic. For more information, see Configure Load Balancing for TAS for VMs.

Complete the TAS for VMs installation

To complete the TAS for VMs installation:

  1. Click the Installation Dashboard link to return to the Tanzu Operations Manager Installation Dashboard.

  2. Click Review Pending Changes, then Apply Changes.

check-circle-line exclamation-circle-line close-line
Scroll to top icon