vRealize Automation provides a secure Web portal where authorized administrators, developers, and business users can request new IT services and manage specific cloud and IT resources according to business policies. Requests for IT services, including infrastructure, applications, desktops, and many others, are processed by using a common service catalog to provide a consistent user experience.


Installing vRealize Automation requires deploying the vRealize Automation appliance, and the vRealize Automation Infrastructure as a Service (IaaS) components on one or more Windows Server virtual machines or physical servers. You deploy the vRealize Automation appliance and then complete the installation using one of the following options:

  • A consolidated, browser-based installation wizard.

  • Separate browser-based appliance configuration, and separate Windows installations for IaaS server components.

  • A command line based, silent installer that takes input from an answer properties file.

  • An installation REST API that takes JSON formatted input.

vRealize Automation Architecture

vRealize Automation provides self-service provisioning, IT services delivery and lifecycle management of cloud services across a many multi-vendor virtual, physical, and cloud platforms using a flexible distributed architecture. The two main functional elements of the architecture are the vRealize Automation appliance and the IaaS components.

Figure 1. vRealize Automation Architecture

vRealize Automation consists of vRealize Automation appliances and of IaaS components. The appliance provides a central port for workload provisioning. The IaaS components provision tenant workloads on the cloud infrastructure.
vRealize Automation Appliance

The vRealize Automation appliance is available as a pre-configured Linux virtual appliance in OVF. You deploy the appliance on existing virtualized infrastructure such as vSphere. The vRealize Automation appliance performs the following functions:

  • vRealize Automation product portal, where users access self-service provisioning and management of cloud services.

  • Single sign-on (SSO) for user authorization and authentication.

  • Management interface for vRealize Automation appliance settings.

Embedded vRealize Orchestrator

The vRealize Automation appliance contains a pre-configured instance of vRealize Orchestrator. vRealize Automation uses vRealize Orchestrator workflows and actions to extend its provisioning capabilities.

PostgreSQL Database

vRealize Server uses a pre-configured PostgreSQL database that is included in the vRealize Automation appliance. The instance of vRealize Orchestrator in the vRealize Automation appliance also uses this database.

Infrastructure as a Service

vRealize Automation IaaS part consists of one or more Microsoft Windows Server instances that work together to model and provision systems in private, public, or hybrid cloud infrastructures.

Model Manager

vRealize Automation uses models to facilitate integration with external systems and databases. The models implement business logic used by the Distributed Execution Manager (DEM).

The Model Manager provides services and utilities for persisting, versioning, securing, and distributing model elements. The Model Manager is hosted on one of the IaaS Web servers and communicates with DEMs, the Microsoft SQL Server database, and the product interface Web site.

IaaS Web Server

The IaaS Web server provides infrastructure administration and service authoring to the vRealize Automation product interface. The web server component communicates with the Manager Service, which provides updates from the DEM, SQL Server database, and agents.

Manager Service

The Manager Service is Windows service that coordinates the communication between IaaS DEMs, the SQL Server database, agents, and SMTP. The Manager Service communicates with the Web server through the Model Manager, and must be run under a domain account with administrator privileges on all IaaS Windows Server instances.

Distributed Execution Manager Orchestrator

A Distributed Execution Manager (DEM) performs the business logic of custom models, interacting with the database and with external databases and systems as required. A DEM orchestrator is responsible for monitoring DEM worker instances, pre-processing workflows for execution, and scheduling workflows.

Distributed Execution Manager Worker

The IaaS DEM worker performs provisioning and de-provisioning tasks initiated by the vRealize Automation portal. DEM workers also communicate with specific infrastructure endpoints.

Proxy Agents

vRealize Automation IaaS uses agents to integrate with external systems and to manage information among vRealize Automation components. For example, a vSphere proxy agent sends commands to and collects data from an ESXi host about the virtual machines that you provisioned from vRealize Automation.

VMware Identity Manager

VMware Identity Manager is the main identity provider for vRealize Automation. VMware Identity Manager manages user authentication, roles, permissions, and overall access to vRealize Automation using federated identity brokering. The following authentication methods are supported in vRealize Automation using VMware Identity Manager:

  • User name-password providing single-factor password authentication with basic Active Directory configuration or for local users

  • Kerberos

  • Smart Card / Certificate

  • RSA SecurID


  • RSA Adaptive Authentication

  • SAML Authentication

Deployment Model

You can deploy vRealize Automation in one of the following configurations:

  • Small deployment for up to 10,000 managed virtual machines

    • vRealize Automation appliance, potentially behind a load balancer

    • IaaS node

    • Microsoft SQL Server

  • Medium deployment for up to 30,000 managed virtual machines

    • 3 vRealize Automation appliances behind a load balancer

    • 2 IaaS Web/Manager servers behind a load balancer

    • 2 IaaS DEM servers

    • 2 IaaS Proxy Agents

    • Microsoft SQL Server

  • Large deployment for up to 50,000 managed virtual machine

    • 3 vRealize Automation appliances behind a load balancer

    • 2 IaaS Web servers behind a load balancer

    • 2 IaaS Manager servers behind a load balancer

    • 2 IaaS DEM servers

    • 2 IaaS Proxy Agents

    • Microsoft SQL Server

To address future growth of tenant workloads beyond 10,000 virtual machines without more operational overhead, this design implements a large deployment of vRealize Automation.

Multi-Region vRealize Automation Deployment

The scope of this validated design can cover both multiple regions and availability zones.

The scope of the VMware Validated Design includes vRealize Automation appliance large-scale distributed deployment designed for a complete and highly available cloud management solution that includes:

Table 1. vRealize Components that Are Failed Over

Failed Over

3 vRealize Automation appliances behind a load balancer


2 IaaS Web servers behind a load balancer


2 IaaS Manager Service nodes (including DEM orchestrator) behind a load balancer


2 DEM Worker nodes


2 vSphere Proxy Agent nodes

Microsoft SQL Server


In a multi-availability zone implementation, which is a super-set of the multi-region design, vRealize Automation continues to provide provisioning of tenant workloads in all regions of the SDDC. All components of the vRealize Automation reside in Availability Zone 1 in Region A. If this zone becomes compromised, all nodes are brought up in Availability Zone 2.