Updated on: 26 March 2021
VMware vRealize Automation Cloud
You can find information about these new features and more at VMware vRealize Automation Cloud and in the signpost and tooltip help in the user interface. Even more information is available when you open the in-product support panel, where you can read and search for related topics and view community posts and KBs that appear for the active user interface page.
- What's New March 2021
- What's New February 2021
- What's New January 2021
- What's New December 2020
- What's New November 2020
- What's New October 2020
- What's New August 2020
- What's New July 2020
- What's New June 2020
- What's New May 2020
- What's New March 2020
- What's New February 2020
- What's New January 2020
- What's New October 2019
- What's New September 2019
- What's New August 2019
- What's New July 2019
- What's New June 2019
- What's New May 2019
vRO plug-in for vRA
VMware vRealize Orchestrator Plug-in for vRealize Automation allows interaction between vRealize Orchestrator and vRealize Automation.
The preconfigured workflows provided with the plug-in help you deploy and manage resources in vRealize Automation in an automated way. In addition to the provided workflows, you can create and run custom workflows. Newly provided content in vRO that is compatible with vRA Cloud provides solutions for the main customer use cases: creating and running workflows for the main functions in vRA, such as managing projects and users, using custom types, and managing VMs.
The March Cloud release supports:
- Host management and CRUD operations for on-prem and cloud vRA hosts
- Out of the box workflows for host management
- Preserved Authentication to the hosts and dynamic host creation
- Rest client for requests to vRA
Required: To use the plugin, you must download and install it from the marketplace. External vRO instances must be manually downloaded and installed.
Support for multi-vm/disk configuration
- You can specify the creation of multiple VMs with several disks attached to them.
- Support for Day 2 actions on all disks created for the VMs
- Easy identification of the disks attached to the respective VMs
Add disk with different sizes
vRA cloud templates allow configurations of different size disks.
Disk placement should align with the VM in Workload placement\Multi-VM scenario
Previously, when creating multiple VMs in a single deployment (using the count field), the disk might not attach to the same cluster that hosts the VM. Now, with vROps enhancements, the disk placement is always on the cluster that hosts the VM for optimal performance.
Policy criteria support for resource tags across all policy types
Support for resource based tags as additional criteria allows vRA cloud administrators to define granular policies that can target deployments with resources that have specific tags.
The resource tag policy criteria clause is consistently available across all policy types.
Networking: Reconfigure Existing Security group for vSphere and VMC - Iterative and Day 2
Reconfigure Security Group (Day-2 and Iterative deployment) action allows you to modify, add, or remove rules of an existing security group for a running application in vSphere or VMware Cloud on AWS. See Day 2 Actions.
Changing deployment projects for onboarded deployments
You can use the Change project action to update a project as a day 2 action for onboarded deployments.
- Day 2 action is only available for onboarded deployments. If an onboarded deployment is updated to add any provisioned resources, the change project action won't be available. If the provisioned resource is deleted, then the change project action becomes available again.
- In case of any failure, the action is not automatically rolled back. You can manually initiate the action again.
- The same resource Cloud Zones must be present in the target Project; otherwise, subsequent day2 actions might not work as expected.
- See Day 2 Actions.
Single secret store
You can now create project service secrets. Secrets can be used to add encrypted input values to your extensibility actions. The extensibility action secrets feature added with the December 2020 release is now known as extensibility action constants. Learn more.
Action constants share the same list as the project service secrets. There is no action needed for users who have existing extensibility action constants from the previous release.
Operations center: optimizable deployment filter
Added a filter for deployments to be optimized: optimizable resources only.
When vROps detects that there is a deployment that has optimization available:
- The optimization may include, but is not limited to, machines that can be resized or deleted.
- Optimization data is calculated in the order of days.
Operations center: Custom roles and other enhancements
Functionalities of HCMP (Insights, Alerts and Optimizations) can now be filtered by custom roles having read only/read write access to Cloud Zones, Projects, and Deployments. See organization and service roles, and custom roles.
Cloud zone insights now show projects along with their reclaimable capacity.
Optimizable deployments can now be filtered from the deployment list to easily reach them.
Specify order and SCSI controller for vSphere disks
When creating new disks with deployments, we are introducing the following functionality:
- In the cloud template, you can specify the order in which the disks are created. This allows for better identification of disks for day 2 actions. See Day 2 Actions.
- In the cloud template, you can specify which SCSI controller needs to be mapped to the disk. vRA supports a total of 4 SCSI controllers per deployment and you can choose among these 4 for each of the disks.
Support for disks which are part of the image template
There can be instances where an image template has disks in addition to the boot disk. In such cases, vRA supports these disks for day 2 actions. You can view these disks under the VM details. You can also take day 2 actions such as resize on these disks. This resize action is shown as the VM object in the deployment diagram and lists all disks connected to the VM. See Day 2 Actions.
Support for Azure image gallery
vRA Cloud now supports the image gallery to:
- Support provisioning using custom images residing in an image gallery
- Leverage the same image across multiple Azure subscriptions.
Snapshot management for Azure disks
You can create and manage disk snapshots with Azure deployments.
- Support for CRUD operations on snapshots
- Support for managed disks only
- See Day 2 Actions.
Support for Azure disk encryption sets
vRA Cloud supports Azure disk encryption sets to support these use cases:
- Support for third party KMS systems that leverage encryption sets.
- Support encrypting VM and all the attached disks (current and future) with the same key.
- Support for managed disks only.
Enhanced support for Azure availability sets
Enhancing the support for availability sets to address these use cases:
- Support reusing existing availability sets in the cloud template.
- Support having the availability set as optional so that the resources are not part of any availability set.
Changes to permissions and logging for Azure-based extensibility actions
Microsoft Azure 3.x Scripting API support for vRA Cloud introduces changes to Azure-based extensibility actions:
- Users must add new permissions to their cloud account so they can use Azure-based extensibility actions. Learn more.
- To continue to use logging in their Python-based extensibility actions, users must modify their script. Learn more.
- New Ansible Tower blueprint property – maxJobRetries which retries Ansible Playbooks
- Ability to call workflow templates from Ansible Tower integration
- Ansible integration with user account execution
- In Ansible open source, vRA creates the server using hostname instead of IP Address
- Ability to Pass additional variables from blueprint yaml to Ansible tower
- Update the "Prompt on launch / Limit" for Ansible tower integration to use default value
- Pass user defined properties from Blueprint as facts to Puppet master from agent node.
- Specify PE master of masters.
Event Broker enhancements
Ability to add subscriptions at post provisioning stage and before power on.
IPAM registration for vRA 7.x workloads while onboarding into vRA Cloud
When onboarding resources that are part of vRA 7.x to vRA Cloud, the IPAM registration is updated for the onboarding workloads. This ensures that there is no duplicate assignment with the IPAM provider and also ensures the IPs come back to the pool once the workloads are deleted.
Unregister onboarded machines from vRA
You can now unregister onboarded machines from vRA.
- The unregister action is available for "onboarded" machines only.
- This action removes the resource from the deployment and makes it available for onboarding again.
- When "unregistering" the onboarded machine, any attached disks (that were onboarded with machine) are unregistered automatically.
- Once you add additional disks to the onboarded machine, the machine is not treated as onboarded anymore and the unregister functionality is not available.
- See Day 2 Actions.
GCP Sole Tenancy
You can now set a custom property to take advantage of the GCP Sole Tenancy capability (dedicated host).
Networking: Change On-Demand and Existing Security groups for VMC - Iterative and Day 2
The Change Security Groups (Day-2 and Iterative deployment) action now allows you to associate or dissociate a security group (existing/new), which is part of VMware Cloud on AWS deployment, to one or more machines in the deployment. You can attach or detach the security group in blueprint to and from respective machines, and update deployments with this new topology through iterative development.
If you want to add an additional security group (existing or new), which is not part of deployment, to one or more machines in the deployment, you can add the additional security group in blueprint and attach it to machines, and update deployments with this new topology through iterative development.
Networking: Reconfigure On-demand Security group for VMC - Iterative and Day 2
The Reconfigure Security Group (Day-2 and Iterative deployment) action now allows you to modify, add, or remove rules of an on-demand security group for a running application in VMware Cloud on AWS.
Support for AVS
With this release, vRealize Automation Cloud is tested and certified to work with VMware's hosted cloud solutions on Microsoft Azure, called Azure VMware Solution (AVS). Workloads running in AVS can now be managed by vRealize Automation Cloud after setting up vCenter and NSX-T cloud accounts. For more information on AVS, see Azure VMware Solution Documentation.
CloudHealth integration for public cloud costing
vRA Cloud integration with CloudHealth provides cost visibility at two levels - Deployment and Project. The integration supports collection cost information for both AWS and Azure. Once the integration with CloudHealth is set up, vRA automatically retrieves the cost information for the workloads.
Storage allocation as per full VM size
Storage for template/content library based deployments is now allocated at the beginning of deployment for the full deployment size, including image data disks, without impacting Workload placement with vROps. This also includes the capacity of any data disks which are part of the template.
Simplification of onboarding workflow
The onboarding plan creation workflow is simplified to make it easier to bring VMs under vRA management. The rules option is now deprecated and the workflow allows direct selection of machines. The machines view now shows only those VMs which were explicitly selected by the user.
Hostname in Ansible Tower
Previously, when a machine was provisioned by vRA, the IP address of the machine was added in Ansible Tower instead of the hostname. In this release, the hostname is added as the ansible_host variable in Ansible Tower. The hostname or FQDN string can be passed to Ansible Tower from Cloud Templates.
Policy criteria support for additional Integer/String operators
vRealize Automation now supports Integer and String based operators for policy criteria to allow the cloud administrator to define policies with additional granularity.
Integer operators: greater than, less than, equal and less than, or equal can now be used for criteria clauses 'Total Memory (MB)' and 'CPU Count'.
String operator 'contains' can now be used for criteria clauses 'Created By' and 'Owned By'.
Cancel pending action with approval
Previously, when an action was cancelled, the pending approval request was not cancelled or cleared. Now, cancelling the pending action before it gets approved also cancels the pending approval.
Cloud Provider partners can brand their organization and their tenants’ organizations with their logo, service names, and colors. This functionality is available to all customers.
Networking: Additional properties in IPAM SDK action schema
IPAM SDK action schema is extended to include the following properties:
- Standardized projectId, blueprintId, deploymentId for Allocate/Deallocate/AllocateRange/DeallocateRange/UpdateRecord
- Included addressSpaceId, vraIPAddressId in Deallocate/UpdateRecord
- Added ID fields for AllocateRange/DeallocateRange
Non-overlapping cloud zones
Cloud zones in vRealize Automation represent compute capacity and include compute resources (vCenter clusters, hosts or resource pools for VMware Cloud, availability zones for AWS, Azure and GCP).
Cloud zones are defined in one of three ways:
- Include all available clusters / availability zones
- Manually select clusters / availability zones
- Dynamically select clusters / availability zones based on tags
Prior to the vRealize Automation Cloud January 2021 release, the same compute resources could be a member of multiple cloud zones.
In the vRealize Automation Cloud January release, cloud zone definitions no longer include the same underlying compute resources.
All existing cloud zone definitions continue to work the same way; however, the user is notified when a cloud zone includes a compute resource that is already a member of another cloud zone. Modify and re-save cloud zones to make them distinct.
Note: Auto-generated cloud zones (during cloud account creation) are associated with the underlying compute resources after the data collection. For dynamically defined cloud zones (tag based), when the tags are updated for the underlying compute resources, the cloud zone definitions are updated after the next data collection cycle.
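To find the zones that need to be modified and re-saved, the check below resolves each zone's membership under the three definition modes listed above and reports every compute resource claimed by more than one zone. It is an added example, not VMware code: the inventory, the zone records, their field names, and the rule that a tag-based zone matches a resource carrying all of the zone's tags are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed inventory: compute resource name -> tags seen at the last
# data collection. Names and tags are made up for this example.
COMPUTE = {
    "cluster-a": {"env:prod"},
    "cluster-b": {"env:prod", "tier:gold"},
    "cluster-c": {"env:dev"},
    "cluster-d": set(),
}

# Constructed zone definitions, one per definition mode described above.
# The "mode", "members" and "tags" field names are hypothetical.
ZONES = [
    {"name": "prod-zone", "mode": "tags", "tags": {"env:prod"}},
    {"name": "gold-zone", "mode": "manual", "members": {"cluster-b"}},
    {"name": "dev-zone", "mode": "manual", "members": {"cluster-c"}},
]


def resolve_members(zone, compute):
    """Return the set of compute resources a zone definition selects."""
    mode = zone["mode"]
    if mode == "all":
        # Include all available clusters / availability zones.
        return set(compute)
    if mode == "manual":
        # Manually selected; ignore names no longer in the inventory.
        return set(zone["members"]) & set(compute)
    if mode == "tags":
        # Assumption: a resource matches when it carries every zone tag.
        wanted = set(zone["tags"])
        return {name for name, tags in compute.items() if wanted <= tags}
    raise ValueError(f"unknown zone mode: {mode!r}")


def find_overlaps(zones, compute):
    """Map each compute resource that sits in 2+ zones to those zone names."""
    owners = defaultdict(list)
    for zone in zones:
        for resource in sorted(resolve_members(zone, compute)):
            owners[resource].append(zone["name"])
    return {res: names for res, names in owners.items() if len(names) > 1}


def overlaps_after_retag(zones, compute, resource, new_tags):
    """Re-run the check as it would look after the next data collection
    picks up a tag change on one resource (tag-based zones are dynamic)."""
    updated = dict(compute)
    updated[resource] = set(new_tags)
    return find_overlaps(zones, updated)


if __name__ == "__main__":
    for resource, names in find_overlaps(ZONES, COMPUTE).items():
        print(f"{resource} is claimed by: {', '.join(names)}")
```

Re-running the check after a tag change matters because a tag-based zone can start overlapping a manually defined one without either definition being edited.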
Support for Google Cloud VMware Engine
vRealize Automation Cloud is tested and certified to work with VMware's hosted cloud solutions on Google Cloud Platform, called Google Cloud VMware Engine (GCVE). Workloads running on GCVE are now managed by vRealize Automation Cloud after setting up vCenter and NSX-T cloud accounts. For more information, refer to Google Cloud VMware Engine documentation.
vRealize Orchestrator in vRealize Automation Cloud
- You can now use vRealize Orchestrator 8.x product capabilities in vRealize Automation Cloud. Features from older vRealize Orchestrator 8.x releases are documented in the following release notes:
- Configure a vRealize Orchestrator integration in Cloud Assembly
- New features:
- Content usage and dependencies of the vRealize Orchestrator content object. You can view where objects, such as workflows, actions, resource elements, and configuration elements are used.
- An improved deployment experience for vRealize Orchestrator instances enabled for vRealize Automation Cloud. The new deployment uses a cloud extensibility proxy that you can deploy on either your vCenter Server or VMC (VMware Cloud on AWS).
Important: vRealize Orchestrator roles cannot be leveraged directly in vRealize Automation Cloud. This means you cannot add vRealize Orchestrator roles, such as administrator and workflow developer. Roles for the vRealize Orchestrator integration in vRealize Automation Cloud are managed through Cloud Assembly service roles. For administrator rights, the user needs the Cloud Assembly Administrator role. For workflow developer rights, the user needs the Cloud Assembly User role. Learn more.
Important: Integration of new SaaS-enabled vRealize Orchestrator 7.6 instances is no longer supported. Existing vRealize Orchestrator 7.6 SaaS integrations will continue to operate, but you cannot update the configuration of these integrations. To migrate these vRealize Orchestrator 7.6 SaaS integrations to your new vRealize Orchestrator 8.x integration, see Migrating a vRealize Orchestrator 7.6 SaaS instance to the cloud extensibility proxy.
Create, store, and use cloud template secrets
The "secure properties" feature stores and encrypts sensitive data in the database. This data is hidden from all areas in vRealize Automation. You can create and encrypt secret variables for project scope under infrastructure administration, and use in cloud templates. For more information, see How to create and reference a secret Cloud Assembly property and How to use secrets in vRA Terraform integration.
Create, store, and use extensibility action secrets
You can now enhance your extensibility actions by using secrets. Extensibility action secrets are useful for use cases where the input parameters of your extensibility action include sensitive data, such as passwords or certificates. Learn more.
Networking: NSX-T Tier-1/ NSX-V ESG sharing within a deployment
- Ability to reuse a single NSX-T Tier-1 router or NSX-V Edge Service Gateway (ESG) in a single deployment.
- Previously in vRA Cloud/vRA 8.x, every on-demand NSX-T network created a new Tier-1 logical router and every on-demand NSX-V network created a new ESG. The Tier-1/ESG sharing capability allows you to share a Tier-1 or ESG in a deployment, without requiring a separate Tier-1 or ESG for every network in the deployment.
- You can achieve this capability with the Gateway resource type in the Cloud Template. The Gateway resource represents the Tier-1/ESG and it can be connected to multiple networks in the deployment. Learn more.
Networking: New NAT resource type for port forwarding (DNAT rules) support for NSX outbound networks
In a previous release, vRA introduced port forwarding (DNAT rules) support for NSX outbound networks with the Cloud Template resource type, Cloud.NSX.Gateway. This allowed DNAT rules to be specified for the gateway/router connected to the outbound network.
In this release, a new Cloud Template resource type, named Cloud.NSX.NAT, is available in the Cloud Template to define DNAT rules for the deployment. Learn more.
Note: The Cloud.NSX.Gateway resource type is still supported and is used for NAT rules strictly for backward compatibility. However, this will be removed in a future release. Going forward, users will have to use the Cloud.NSX.NAT resource type for defining DNAT rules, and use the Cloud.NSX.Gateway resource for defining shared NSX-T Tier1 or NSX-V ESG.
Networking: Reconfigure On-Demand Security group - Iterative and Day 2 - NSX-T
Reconfigure Security Group (Day-2 and Iterative deployment) action is only supported for NSX-T on-demand security groups. It allows you to modify, add or remove rules of a security group for a running application. Learn more.
Add custom properties while onboarding VMs
While onboarding VMs, you can specify custom properties to add during onboarding. You can specify these at an onboarding plan level. You can also remove these properties from individual VMs if the addition is not required. Learn more.
Support attached disks with onboarding
You can onboard disks as part of an onboarding plan and perform all Day 0\1\2 operations. This feature only supports disks that are attached to the VMs. For more information, see What are onboarding plans in Cloud Assembly.
Property groups help you work more efficiently by reusing groups of properties, storing metadata, and tracking resource usage.
- Create, update, read, and delete property groups with pre-defined data
- Reuse property group as cloud template inputs and resource properties
- Query resource and deployment by property groups as key value pairs
For more information, see How to reuse the same properties in different designs.
Improvements in Custom resource types and custom day2 actions
Enhance custom resource request forms and configuring resource types with powerful workflows and dynamic request forms.
- Ability to use resource properties in Custom request forms of a day2 actions
- Ability to bind complex objects and query collection of object properties and reference types
Custom Forms enhancements
Multi Value picker enhancements
- Ability to browse full details while searching via "show all" option
- Support for reference object types Learn more
Deployment request status as a filter
You can filter deployments by the last request status or the deployment lifecycle status. Learn more
- Deployment lifecycle status: create/update/delete successful or failed
- Last request status: the last request status on the deployment, can include: cancelled/approval_pending/approval_rejected/in_progress/successful/failed
Notify cloud consumers for optimization and enable consumers to take action
As a cloud administrator, you can alert project owners of optimization opportunities. Enable deployment owners to optimize deployments, by providing recommendations and actions in-context for deployments. Learn more.
Active directory per cloud template
Admins can now allow further active directory (AD) integration modification at the Cloud Template level.
- Application architects can now change the relativeDN OU setting directly in the cloud template based on certain preferences.
- In the same manner that the AD integration can be skipped, certain machines are not registered in the preconfigured AD domain based on the machine's properties.
Resource Utilization for consumers.
You can display the total consumption of resource usage (CPU, memory, storage) per end user. When an end user logs in, the amount of consumed resources is displayed. Learn more
Use cases and examples are now in a new Tutorial section. Added new tutorials.
Storage - Datastore, storage profile selection optimization
When multiple storage profiles are eligible for placement, these criteria are used for placement optimization:
- All eligible datastores belonging to these storage profiles are considered, not just the first.
- vRA ensures that the cluster and datastore are connected.
- Leverage vCenter content library to clone the "closest" template when creating a new VM. This eliminates copying of templates when a template copy may already be present in the local data store, reducing cloning time.
- Deployments are distributed across multiple cloud zones, based on policy, when all other criteria selects multiple candidate cloud zones.
- Extensibility actions run in a K8s pod linked to a particular extensibility action - for the life of the platform. Pods are reclaimed and available for other extensibility actions to be run, enhancing extensibility action scale and concurrency characteristics.
Support for AWS Dedicated Instances
Create dedicated instances when provisioning in AWS. To enable this, you have to set a specific property in the cloud template (dedicatedInstance:true). This enables the user to derive all the benefits of using dedicated instances in AWS.
Change deployment ownership
Change deployment ownership as admin or member - for any project admin/member. You can also set a policy with regards to the deployment owner.
Alert synchronization from vROps
- Alerts from vROps are now available in vRA, where alerts are defined on Cloud Objects such as Machines, Deployments, Projects and Cloud zones.
- As a response to alerts, cloud providers can now initiate actions such as Analyzing Insights of a Cloud Zone, and Notifying deployment owners of reclamation opportunity.
Load Balancer - Health monitor settings for NSX-V and NSX-T
- Configure (Day 0) active health monitor to test server availability, and passive health monitor to monitor failures during client connections and mark servers causing consistent failures as DOWN.
- Support reconfiguration (Day 2) of health monitor settings.
Reconfigure On-Demand Security group
Reconfigure Security Group (Day-2 and Iterative deployment) action is only supported for NSX-T on-demand security groups for now. It allows the user to modify, add or remove rules of a security group for a running application. Learn more.
Terraform provider enhancements
- Verified to be part of Hashicorp Terraform registry
- Support First Class Disk resource type
Infoblox - filter data collected to optimize performance
- Allow filtration for data collected networks to minimize the initial set of networks for which actions are executed.
- The Infoblox IPAM plugin for vRA performs data collection on all networks from Infoblox. Default page size is 1000. Customers who have thousands of networks but only need to use a few in vRA can easily tag these networks with Extensible Attributes.
- This feature includes properties in the Infoblox plugin that allow you to provide special filters to select only the required network type objects from Infoblox and filter out the rest.
Support Day 2 Disk creation into an SDRS datastore cluster
Support day 2 actions to create new disks when:
- SDRS is enabled.
- datastore clusters are being used.
Deployments - Change ownership
Change deployment ownership as admin or member for any project member.
Custom property update via API
Update custom property for machines through IaaS API. Learn more
Reuse Azure resource groups
Ensure there is no sprawl of resource groups and help simplify management.
- Ability to choose if the day 2 created disk should go to a new resource group or into an existing one. If existing is required, the user will be able to choose the Resource Group from a drop down.
- Ability to reuse a resource group when defining the cloud template so that even with day 0 provisioning, a new resource group is not created.
Cloud zone capacity and consumption Insights
- Integrate with vRealize Operations to view capacity insights for a cloud zone in context.
- Key Indicators such as Physical resources available (CPU GHz, Cores), and utilization are provided.
- Consumption trends for CPU and memory help in understanding the capacity trend.
- Projects and the resources they consume from this cloud zone are provided for detailed consumption analysis.
Networking: Change Security Group - Iterative deployment
Change security groups for a machine component using iterative development. Learn more.
- Ability to associate or dissociate a security group (existing/new), which is part of the deployment, to or from one or more machines in the deployment. The user can attach/detach the security group in a cloud template to/from the respective machines, and update deployments with this new topology through iterative development.
- Ability to add an additional security group (existing/new), which is not part of the deployment, to one or more machines in the deployment. The user can add the additional security group in the blueprint, attach it to the machine(s), and update deployments with this new topology through iterative development.
- Create Image Mappings at the Tenant Management screen (de-couple from VPZ)
- Create Flavor Mappings at the Tenant Management screen (de-couple from VPZ)
vRealize Automation Blueprint name change to VMware Cloud Templates
- Blueprints are renamed to VMware Cloud Templates. Learn more.
- You might still see the term Blueprint in the official documentation, API, error messages, and other areas of code.
Terraform Configuration as a VMware Cloud Templates Resource in vRealize Automation Cloud
Terraform open source configurations are now integrally supported by VMware Cloud Templates. Cloud Administrators can integrate Terraform configurations stored in Git and release as self-service catalog items. Select capabilities include the following. Learn more
- Create Cloud Templates with Terraform configurations
- Compose hybrid Terraform-VMware Cloud Templates
- Enable built-in power Day 2 actions and custom day 2 actions on Terraform resources
- Central deployment state file
- Managed Terraform runtime in cloud
- Code Stream pipeline to deploy Terraform based Cloud Templates for DevOps users
Multi-tenancy: Centralized Management of Tenant Infrastructure
The capability for a provider to allocate provider-managed infrastructure to their tenants. Learn more.
- Provider administrator creates a bundle of isolated IaaS resources (Compute, Network, Storage, Image, and Flavor) called the Virtual Private Zone (VPZ).
- Provider administrator shares the VPZ with a tenant.
- Tenant administrator, in turn, shares the VPZ with a project within the tenant org.
- Tenant project members can provision a machine into the VPZ.
- Project members view the deployment and see an "obfuscated" view of the underlying infrastructure (only the VPZ name).
- Tenant A resources are not visible to Tenant B, even when underlying infrastructure is shared.
Custom Role Based Access Control (RBAC)
vRealize Automation Cloud introduces custom role-based access that enables customers to closely align the roles they assign to consumers and providers with the actual roles they hold within their organizations. It helps with configuring sufficiently restrictive roles, based on the actual tasks (permissions) and resources users are eligible for, without overloading roles with unnecessary permissions or conflicting with organization security.
- Org admins are able to define custom roles within organization.
- Each custom role can be assigned to organization users or groups.
- New custom roles model integrates with out of the box roles, and works in collaboration with access control and policy within the organizations.
Available configurable permissions:
- Custom Roles for Images, Flavors, Zones, Machines and Requests, Cloud Accounts, Cloud Zones and Projects
- Custom Roles for Manage and View Onboarding Plans
- Custom Roles for Extensibility use cases:
- Manage and View
- Action Runs
- Viewer permissions for:
- Event Topics
- Workflow Runs
- Manage and View
- Custom Roles to Manage and View Cloud Templates
- Custom Roles to Manage and View Custom day2 for builtin & custom resources
- Custom Roles for Pipeline Modeling, Execution, Configuration
- Custom Roles for Policy Permissions
- Custom Roles to manage permissions for approvals
XaaS Custom Resource and Custom Action Enhancements
- Custom Resources Schema Dynamic data support. vRealize Automation Cloud now includes automatic validation for the workflows added as lifecycle actions to your custom action. This feature also includes improvements to the external type property and custom resource property schema. Learn more.
- Custom Day 2 actions bindings. vRealize Automation Cloud supports three types of action bindings: in request, with binding action, and direct binding. Learn more.
Support 1:N Association Between NSX-T Manager and vCenter
- Support for 1 NSX-T manager connected to multiple vCenters. Learn more.
NSX-T Policy Mode Support
Enable the creation of a new NSX-T endpoint in Policy mode. Learn more.
Policy mode support for Networks (Day 0, Day 2), Load Balancers (Day 0), Security Groups (Day 0), Tagging (Day 0), VM Scale In/Out (Day 2), and Port Forwarding (Day 0, Day 2)
NSX Load Balancer Configurations - Logging Level, Algorithm, Type, NIC, and VIP
Support for NSX Load Balancer advanced configurations, including Logging level, Algorithm, and Type (Day 0,Day 2). Learn more.
Support for NSX Load Balancer configuration options for NIC for all network types, including private, outbound and routed networks. (vRealize Automation Cloud 07.20 release supported this feature for existing and public networks). Load Balancer can now be connected to a specific machine NIC, rather than always using the first NIC in the machine by default. Learn more.
Ability to specify the IPv4 VIP (Virtual IP) in the Cloud Templates; this would allow Load Balancer to have a specific IP, instead of an IP from a static IP range.
- Port Forwarding (DNAT rules) support for NSX outbound networks. vRealize Automation now exposes a new Cloud.NSX.Gateway Cloud Templates resource type that will allow the DNAT rules to be specified for the gateway/router connected to the outbound network. Learn more.
- Day 2 actions support for adding new NAT port forwarding rules, reordering rules, editing existing rules, and deleting rules.
Networking Day 2 – Reconfigure Security Groups
Support for Day 2 actions for security groups
Change security groups - add a new or existing security group, remove associated security groups, and modify associated security groups. Security groups must be part of the deployment for the day 2 actions to apply. The day 2 actions are supported for a single machine only, not for a multi-machine cluster.
Delete security group - remove security group from deployment. If the security group is on-demand, then it is destroyed.
vSphere 7 Supervisor Namespace as a Cloud Templates Resource
- Cloud Templates author can define supervisor namespace resource limits on the Cloud Templates resource. This allows the admin to restrict user resource consumption
ITSM Plug-in 8.1.1
- Support for Custom Forms that contain Text Area, Text Field, Text, Password, Decimal, Integer, Drop Down, Checkbox, Date Time, and Radio Group fields
vRealize Automation Catalogs in Native ServiceNow Catalog
- vRealize Automation Catalogs items are now available in native ServiceNow catalog for Deployment
vRealize Automation Scaling
- Up to 250 resources per deployment and 400,000 virtual machines.
- If you anticipate deployments to have more than 100 resources, upgrade to the new API version 2020-08-25.
New Version of the vRealize Automation REST API
As of August 25, 2020, a new version of the vRealize Automation REST APIs is available with all vRealize Automation releases. The new version increases resource support to 300 resources per deployment and provides performance improvements. If you are an API user and have not locked your API to a version before, you might encounter a change in an API response. As a best practice, you should lock your API to the latest version which is apiVersion=2020-08-25. In this way, you ensure that your API responses do not change unexpectedly with an API update. If left unlocked, your API requests will default to the latest version.
- Support for up to 50 blocking and 50 non-blocking subscriptions per event topic. Learn more
First Class Disk IaaS APIs – additional actions
- New IaaS API support for First Class Disk (FCD) snapshot management (Create, Delete, List, and Restore). Learn more.
- New IaaS API to convert an existing disk to an FCD. Learn more.
- New ITSM plugin (version 8.1) for vRealize Automation Cloud is now available on ServiceNow store.
- Orlando Support – Plugin supports Orlando which is latest ServiceNow version. It also supports previous ServiceNow versions Madrid and New York.
- Multi-level Approval – The ServiceNow administrator can configure multi-level approval for ServiceNow Catalog requests.
- Email Notifications – The ServiceNow administrator can configure email notifications for various activities like Deployment Requests, Approval Requests, Day 2 Requests, and Endpoint and Entitlement configurations.
- Auto Create tickets for failed deployments – A support ticket is created and assigned to support groups in ServiceNow whenever a deployment request fails in vRealize Automation or a day-2 action fails.
Shared Infrastructure Multi-Tenancy for Cloud Provider Hub Organizations
Set up and manage Virtual Private Zones and share IaaS resources across projects while maintaining tenant isolation. For managed service providers, shared infrastructure multi-tenancy ensures optimal resource allocation and control. Currently this is only supported for provider organizations in Multi-Tenancy configuration through VMware Cloud Provider Hub.
- The Provider Administrator can create a Virtual Private Zone which is a bundle of isolated IaaS resources (Compute, Network, Storage, Image, and Flavor). All CRUD operations are supported.
- The Provider Administrator can add the newly created Virtual Private Zone to a project. You can add multiple Virtual Private Zones to a single project.
- Project members can provision machines into the added Virtual Private Zone.
This is a key step towards “Shared Infrastructure Multi-Tenancy” in a multi-tenant vRealize Automation Cloud environment. In a multi-tenant vRealize Automation Cloud environment, the provider will be able to allocate Virtual Private Zones for provisioning from the tenant side.
- NSX Cloud specific Load balancer exposes advanced configuration options and can now be connected to a specific machine NIC, rather than always using the first NIC in the machine itself by default. Learn more.
Custom Role Based Access Control (RBAC)
vRA Cloud introduces custom role-based access, which enables customers to closely align the roles they assign to consumers and providers with the actual roles those users hold within their organizations. It helps configure sufficiently restrictive roles, based on the actual tasks (permissions) users are eligible for and their eligible resources, without overloading roles with unnecessary permissions or conflicting with organization security.
- Organization administrators are able to define custom roles within organization.
- Each custom role can be assigned to an organization user/group.
- The new custom roles model natively integrates with out-of-the-box roles and works in collaboration with access control and policy within the organizations.
Available configurable permissions:
- Custom Roles for Images, Flavors, Zones, Machines, and Requests
- Custom Roles to Manage and View Custom day2 for built-in & custom resources
- Custom Roles for Pipeline Modeling, Execution, and Configuration
- Custom Roles for Policy Permissions
- Custom Roles to manage permissions for approvals
- More information about custom roles and examples of how they work with the other roles
vSphere Supervisor Namespace Support
- Ability for a catalog user to request vSphere supervisor namespaces from the vRealize Automation Cloud catalog, powered by underlying VMware Blueprints.
vRealize Orchestrator Integration
- VMware Cloud (VMC) on AWS is currently not supported as authentication provider for vRealize Orchestrator.
Approval For Onboarded Deployments And Cloud Assembly
- Support approval flow for pre-provision and day 2 actions for cloud assembly blueprint deployments
- Support approval flow for day 2 actions on imported deployments
- More information about approval policies
FCD - IaaS API – CRUDL
- Create, delete, list, attach and detach First Class Disks (FCD)
IaaS API Filter Resources Within Particular Region In Cloud Accounts
- Resources in Cloud Assembly IaaS API can be found by the region that they belong to using Data filter. The region can be uniquely identified by the externalRegionId and the corresponding cloudAccountId
Integration With vROPS Cloud
- Support for workload placement, cost and pricing, and health metrics via vRA Cloud. Learn more
New vRA Cloud Service Regions
- Singapore AWS ap-southeast-1 since 05/28
- Frankfurt AWS eu-central-1 since 06/01
- Approvals now apply to all catalog items beyond Cloud Assembly blueprints (including CFTs, vRO workflows, extensibility actions, OVAs, etc.).
- You can now trigger approval policies based on the attributes of underlying resources filtered by: cloud account, cloud type, flavor, image, region or resource type. Learn more
API for Updating Cloud Account Password
- Update cloud account password for vSphere and NSX using IaaS API.
Custom Day 2 Actions
- Custom day 2 operations for custom resources and vRealize Automation built-in types. Learn more
- Support for custom resources based on vRO types. Learn more
- View and filter deleted deployment history for up to 90 days after deletion. Learn more
Day 2 Networking
- Update deployment constraints on the vSphere machine NIC to move it from one existing network to another existing network in the same network profile.
- Machine can be moved from static to static network, or dynamic to dynamic network.
- The previous network is deleted from the deployment. Learn more.
Share Extensibility Actions Across Projects
- Ability to share an extensibility action across multiple projects. Learn more.
- Apply AD policies to select cloud zones in a project based on tags.
- Specify a set of optional tags when creating an AD policy.
- Expose or indicate health for the AD integration end point and the health of the underlying extensibility action integration in use.
- Limit how much CPU and memory resource can be consumed by deployments of a project.
NSX-V: On-demand security Group
- Enable native support for NSX-V on-demand security groups in blueprint design canvas. Learn more
Pipeline as Catalog Item
- Support pipeline workflow as a catalog item.
PowerShell Support Beta
- PowerShell support on-prem for extensibility actions (wrappers, image, callback, proxy, code editor, log enhancement, dependencies, code completion, flow support, troubleshooting).
- UX improvements on filter and criteria.
- View only role for project and org.
Storage Limit For vSphere
- Limit storage capacity of a cloud zone that deployments of a particular project can consume.
- For vSphere templates based provisioning, before day 2 actions.
- Enhancement to graphical representations and bindings of compute networking interface cards to Security Group constructs in blueprint design canvas.
- Create and manage tags on resource pools, clusters and computes via IaaS API.
OVA As A Catalog Item
- Bitnami based open virtual appliances (OVA) files from the marketplace can be shared in the catalog for specific projects.
- Users can then request and provision an OVA catalog item.
- While a deployment is being created, it can be managed like any other deployment (e.g. policy, day2).
Ansible Tower Integration
- Out of the box support for Ansible Tower and open source version of Tower in Cloud Assembly. Learn more
Persistent Disk API
- Ability to ensure disks are not deleted on deployment/VM delete. Learn more
- Ability to create a disk independent of a VM.
Service Broker Admin To Manage K8s Zones
- Service Broker admin can create and manage project configurations for Kubernetes zones.
Approvals For Deployment Requests
- User-based approvals for initial catalog item requests and day 2 actions.
- Triggering (multiple) approvals based on deployment criteria.
- Auto-approve or reject when there is no response within specified time period.
- Ability to add reason for approval decision.
- Ability to specify whether one (any) or multiple (all) approvers are required.
- Approval through URL in email.
- Ability to track approval process for requesters/approvers.
- Email notifications for approvals.
- Learn more about approval policies
- vRA cloud user can select the number of deployments to create from a single blueprint at request so that the user can deploy multiple environments in a single request. Learn more about setting a deployment count on deployments
Networking Day 2 Actions
- Day 2 actions support for network reconfigure and managing load balancer-specific properties. Included as part of the possible actions
Networking Extensibility Events
- Subscribe to new independent extensibility events for networks, load-balancers, and security groups for custom deployments enhancements by applying extensibility actions and vRealize Orchestrator workflows.
- Export/Import CSS in a custom form. Learn more
Cloud Assembly IaaS API
- Users can enumerate all private images for enabled regions of specified account through the vRealize Automation Cloud IaaS API. The account here can be of type: AWS, Azure, GCP, VMC, vSphere
- Users can create a new VMC Cloud account through the vRealize Automation Cloud IaaS API.
- Users can get the resources for specified zone through the vRealize Automation Cloud IaaS API. The returned list of computes has the following properties:
  - name : Compute name
  - id : The id of this resource instance
  - tags : A set of tag keys and optional values that were set on this resource instance
  - type : Type of the compute instance
  - externalRegionId : The external region id of the compute
  - externalZoneId : The external zone id of the compute
  - externalId : External entity id on the provider side
  - orgId : The id of the organization that this entity belongs to
  - createdAt : Date when the entity was created
  - updatedAt : Date when the entity was last updated
For more details, refer to vRealize Automation Cloud IaaS API Swagger documentation: https://www.mgmt.cloud.vmware.com/iaas/api/swagger/ui/.
- Deployment Sharing
Ability to enable deployment visibility and day 2 actions across all project members or limit that ability to the deployment owner and project admins. More about enabling deployment sharing in projects.
- VM Console Access
Allows remote access for vSphere machines as a day 2 action. Included in the day 2 actions.
- On-demand Security Groups
Create on-demand NSX security groups directly on the blueprint design canvas. All security groups are displayed under the new Security tab. More about security resources.
- Graphical Input Editor in Blueprinting Canvas
Configure your topology inputs by using a graphical editor on the design canvas in Cloud Assembly. Choose how you prefer to interact with your blueprints with the yaml script editor and the graphical editor.
- Blueprint API schema validation
Blueprint APIs are being updated to perform schema validation for level 2 objects. For example, Ansible playbooks must be an array of strings and not a string.
- Cloud Assembly IaaS API deployed resources are visible in UI
When provisioning a resource by using the Cloud Assembly IaaS API, the resources are visible in the UI on the Deployments tab.
- Graphical Property Editor in Blueprinting Canvas
The Blueprint editor now includes a GUI for objects properties. The GUI reflects what is present on the canvas and in the code view in real time and can be used to add properties or edit existing properties. The GUI includes helpful and relevant signposts to all displayed fields.
Policy Deployment Criteria
A policy in Service Broker can now be further refined when the policy is applied within the selected scope. The policy criteria is a logical expression. The expression is evaluated against deployments. More about configuring the deployment criteria.
IPv6 Support for vSphere Machines
Cloud Assembly supports pure IPv4 or dual stack IPv4 and IPv6 for vSphere cloud accounts and their endpoints. More about IPv6 and IPv4.
- Network Automation - Security Groups in Blueprints
Assign existing NSX security groups directly on the blueprint design canvas. All security groups are listed on the new "Security" tab. Existing security groups can be applied per vNIC of a virtual machine in a deployment. More about security groups.
- Action Based Extensibility (ABX) for On-Premises (Beta)
Introducing Action Based Extensibility (ABX) serverless capabilities on-premises. Tie actions to lifecycle events with subscriptions. Create inputs in blueprints and define package dependencies and requirements. Establish and release versions for actions. Create workflow chains of actions across clouds and establish failure actions. Python 3 and NodeJS languages supported. The actions will run on a local extensibility action appliance (with a dedicated cloud extensibility proxy). More about action-based extensibility (ABX) for on-premises integration.
- Active Directory Integration in Cloud Assembly (Beta)
Out-of-the-box integration with Active Directory is now supported. With this integration, users can manage the placement of machines within the Active Directory structure easily through configurations at the project level.
- Set Icons on Catalog Items
Catalog items in Service Broker have a default icon when created. You can now change the icon to whatever you choose as more relevant to your catalog entry.
- Enable Custom Forms import / export in the custom Form Designer
A custom form can be exported and imported as a JSON file or as a YAML file.
- New Action Editor design page
The extensibility Actions page on the Extensibility tab has been updated to improve the user experience. More about extensibility actions.
- Kubernetes Cluster and Namespace Management (Beta)
The following capabilities were added for Kubernetes support. More about Kubernetes.
- Connect to PKS endpoint and share the PKS plans across projects
- Self-service request for creating a cluster
- Admin provided shared cluster for the project
- Discover and add existing PKS clusters on the endpoint
- Onboard an external native Kubernetes cluster (EKS, GKE etc.)
- Policy based placement of namespaces
- RBAC for Kubernetes namespaces
- Ability to request namespaces from catalog
- Ability to manage and share namespaces on Kubernetes clusters
Network Automation - Tagging Networking Objects
Enable the provisioning and management of network resources, including network load balancers and Virtual Machine NICs, that can be consumed in projects and blueprints by leveraging tags. The tags can be propagated to the endpoints for NSX-T, NSX-V, vSphere, AWS, and Azure. More about tags.
Cloud Agnostic Load Balancer - Day 2 reconfiguration
You can now reconfigure a deployed load balancer (ports, networks, and member pool) for load balancers on NSX-T, NSX-V, AWS and Azure. More about reconfiguring a load balancer.
Ability to set IP mode (DHCP, Static & Mixed)
You can now define your preferred IP mode as DHCP, static, or mixed for private, outbound and routed networks. More about IP mode.
- Access Control for Day 2 Actions
Control who can access and edit Day 2 actions for existing workloads through the Service Broker policy engine. More about Day 2 actions.
- Service Broker Catalog content refresh
A scheduled refresh of templates imported into the Service Broker catalog is now set to occur every 6 hours.
- New Extensibility event topics
Additional event topics for Blueprints, Kubernetes, and Disk events have been added.
- Custom Naming (Beta)
Define the naming nomenclature of your VMs with custom machine naming on a project level. By defining these name templates on a project level, all machines deployed by users within the project are automatically assigned a name based on the template. More about custom naming.
- Blueprint validation
A test option is now available within the blueprint design. The test capability provides the ability to auto suggest flavors and constraints based on the project of the blueprint and also provide the ability to simulate the flow and show placement errors before starting the actual provisioning.
- Infoblox IPAM Integration (Beta)
Cloud Assembly now includes integration with Infoblox as a provider-specific IPAM solution within your environment. Once the IPAM integration configuration is complete, you can use Infoblox to provision IP addresses using existing Infoblox networks. More about configuring for Infoblox IPAM integration.
- Disk Provisioning in Azure
The default behavior for disk provisioning in Azure when no storage profile exists has been changed. Previously, if no storage profile had been configured for an Azure cloud account, storage accounts were created by default and disks were placed within the on-demand storage account. With this change, the default behavior when there is no storage profile is to use Azure managed disks.
- Role Names
The names of the Cloud Assembly service roles have been updated. The Automation Cloud Admin role is now named Cloud Assembly Administrator. The Automation User role is now named Cloud Assembly User. No other change has been made to the Cloud Assembly roles. More about Cloud Assembly roles.
- Blueprint Sharing
Cloud Assembly administrators can now control whether a blueprint can be shared to users in other projects. When creating or editing a blueprint, you can restrict the blueprint to its project or make the blueprint sharable to all projects within the same organization. If a blueprint is sharable, a Service Broker administrator can manage which projects have access to that blueprint for self-service provisioning in Service Broker.
Cost visibility has been temporarily disabled. This functionality is being rebuilt based on a new costing engine and will be expanded to include upfront cost prior to provisioning a deployment, as well as the running cost of deployed workloads.
- Resource Tags on Project
Contain tag sprawl with tagging policies for your workload resources. Tags on provisioned machines within a project can now be set for each project. By defining these tags on a project level all machines deployed by users within the project are automatically tagged. More about project tags.
- Day 2 Tags
Tags can now be added or edited on deployed machines as a Day 2 action. More about Day 2 actions.
- Systems Actions
Extensibility actions can now be executed via the API without an association to a project. A projectId field is now optional.
- Google Cloud Platform (GCP)
GCP cloud provider functionality has passed Beta and is now enabled for use in production. More about the Google Cloud Platform cloud account.
The following areas have been addressed:
- GCP account registration
- Native Discovery of GCP resource
- Provision a VM
- Network profile
- Load Balancer support
- Storage profile
- Day 2 operations
- Compute Resources - Power On/Power Off, Reset, Suspend, Resize, Snapshot Management
- Storage - Disk Management operations
- Add/Remove Nic from VM
- Firewall rules updates
- GCP-specific properties support
- IaaS API
The VMware Cloud Assembly IaaS API is a multi-cloud policy-based placement API designed for consumers who prefer an imperative over declarative style of provisioning of workloads. The official swagger documentation is available from https://www.mgmt.cloud.vmware.com/iaas/api/swagger/ui/.
IaaS API versioning is now mandatory and the IaaS API URL has changed to /iaas/api/. More about API documentation.
The IaaS API version parameter is now mandatory. This means that calls such as “GET /iaas/api/network-profiles” should be changed to “GET /iaas/api/network-profiles?apiVersion=2019-01-15”.
Calls that do not explicitly include the apiVersion parameter, such as “GET /iaas/api/network-profiles”, will fail.
To help ensure a smooth transition for existing code, during the next 3 months all calls that do not contain the apiVersion parameter will log a warning message and the call will succeed.
The officially supported IaaS API URL path is /iaas/api/.
This means that you should update existing calls such as “GET /iaas/network-profiles?apiVersion=2019-01-15” to “GET /iaas/api/network-profiles?apiVersion=2019-01-15”.
To ensure a smooth transition for already existing code, during the next 3 months all calls that have omitted the api subdirectory in the URL will be routed to an updated path that includes the api subdirectory. For example, the path “GET /iaas/network-profiles?apiVersion=2019-01-15” will be routed to the updated path “GET /iaas/api/network-profiles?apiVersion=2019-01-15”.
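A pre-flight audit for the two IaaS API changes described above, added here as an illustration (not VMware code): it flags request lines that omit apiVersion or still use the /iaas/ path without the api segment, and returns the corrected form. The function names, finding labels, and the `demo` query parameter are assumptions made for this example; a call pinned to a different version is reported but not rewritten, because changing the version can change the response.

```python
from urllib.parse import parse_qsl, urlsplit, urlunsplit

IAAS_ROOT = "/iaas/"          # legacy prefix, still routed during the transition
IAAS_API_ROOT = "/iaas/api/"  # officially supported prefix


def audit_iaas_url(url, pinned_version):
    """Return (corrected_url, findings) for one IaaS API request URL."""
    parts = urlsplit(url)
    path, query, findings = parts.path, parts.query, []

    # URLs outside the IaaS API are out of scope and left untouched.
    if not path.startswith(IAAS_ROOT):
        return url, []

    # Insert the missing "api" segment for legacy paths.
    if path != "/iaas/api" and not path.startswith(IAAS_API_ROOT):
        path = IAAS_API_ROOT + path[len(IAAS_ROOT):]
        findings.append("legacy-path")

    # Parse only to detect apiVersion; the raw query string is preserved
    # so existing percent-encoding is not altered.
    versions = [v for k, v in parse_qsl(query, keep_blank_values=True)
                if k == "apiVersion"]
    if not versions:
        pin = f"apiVersion={pinned_version}"
        query = f"{query}&{pin}" if query else pin
        findings.append("missing-apiVersion")
    elif len(versions) > 1:
        findings.append("duplicate-apiVersion")
    elif versions[0] != pinned_version:
        # Report only: moving a call to another version needs a human review.
        findings.append(f"version-differs:{versions[0]}")

    fixed = urlunsplit((parts.scheme, parts.netloc, path, query, parts.fragment))
    return fixed, findings


def audit_calls(lines, pinned_version):
    """Audit 'METHOD URL' lines; return one report entry per flagged call."""
    report = []
    for line in lines:
        call = line.strip()
        method, _, url = call.partition(" ")
        fixed, findings = audit_iaas_url(url.strip(), pinned_version)
        if findings:
            report.append({"call": call,
                           "fixed": f"{method} {fixed}",
                           "findings": findings})
    return report


# Constructed sample: the request lines quoted in the text above, plus one
# absolute URL carrying a made-up "demo" parameter and one call pinned to
# a different version.
SAMPLE_CALLS = [
    "GET /iaas/api/network-profiles?apiVersion=2019-01-15",
    "GET /iaas/api/network-profiles",
    "GET /iaas/network-profiles?apiVersion=2019-01-15",
    "GET https://www.mgmt.cloud.vmware.com/iaas/network-profiles?demo=a%20b",
    "GET /iaas/api/network-profiles?apiVersion=2020-08-25",
]

if __name__ == "__main__":
    for entry in audit_calls(SAMPLE_CALLS, "2019-01-15"):
        print(entry["findings"], entry["call"], "->", entry["fixed"])
```

Running the audit over a client code base or a proxy log before the transition window closes shows which calls depend on the temporary routing and warning behaviour.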
- Display Page-Specific Help Topics
You can now access page-specific help topics by clicking the Help icon on the toolbar. You can also search for additional help content using the Search box. To pin the in-product Help panel in place while you continue working, click the pin in the top right corner. More about the in-product Help panel.
- When attempting to deploy a blueprint containing an on-demand NSX-T load balancer, the deployment fails with the following error: "Load Balancer with protocol [HTTPS] is not supported"
Previously, deploying an on-demand NSX-T load balancer configured with a route using the "HTTPS" protocol appeared successful. However, the load balancer in question was silently being configured with a route using the "HTTP" protocol instead, as the "HTTPS" protocol was not and is not supported. Now, attempting to deploy this unsupported configuration results in an appropriate error message.
Workaround: There is currently no workaround, as on-demand NSX-T load balancer routes using the "HTTPS" protocol are not supported. Customers who have previously deployed blueprints containing on-demand load balancers configured with routes using the "HTTPS" protocol should review their existing deployments and understand that they are actually using the "HTTP" protocol.