VMware vRealize Automation Cloud | 19 APR 2022
Check for additions and updates to these release notes.
You can find information about these new features and more at VMware vRealize Automation Cloud and in the signpost and tooltip help in the user interface. Even more information is available when you open the in-product support panel where you can read and search for related topics, and view community posts and KBs, that appear for the active user interface page.
IMPORTANT
Behaviour Change: Deployment failures occur when static IP assignments are used with “Network Configure” extensibility event
In Cloud Templates, when "assignment: static" is used for a VM network interface, a network with IP ranges configured will be selected during allocation. If there are no networks with IP ranges configured in network profile(s) then allocation fails.
The "assignment: static" setting should only be used for a VM network interface when using a vRA internal IPAM or an external IPAM with static IP ranges. If the static IP is allocated via the "Network Configure" extensibility event custom solution, then "assignment: static" should not be used for a VM network interface in the Cloud Template. Using it in that case results in an allocation failure.
Workaround - If the static IP is allocated via the "Network Configure" extensibility event custom solution and allocation is failing with Error: 'Unable to find common placement for compute <vm-name> and its associated network', then remove the "assignment: static" from the VM network interface in the Cloud Template and retry.
Log4J vulnerabilities
Updated Apache log4j to version 2.17 to resolve CVE-2021-44228 and CVE-2021-45046. For more information on these vulnerabilities and their impact on VMware products, please see VMSA-2021-0028.
VMware Cloud Services (CSP) Authentication Policy IP address/range restrictions are not supported
As part of the Authentication Policy configuration, VMware Cloud Services (CSP) introduced IP Authentication Policy that can restrict certain IP addresses/ranges for an organization. Configuring IP address/range restrictions is not supported from VMware vRealize Automation. Use of this policy can result in service limitations.
VMware Cloud Services (CSP) Authentication Policy Multi-Factor Authentication for API login is not supported
As part of the Authentication Policy configuration, VMware Cloud Services (CSP) introduced Multi-Factor Authentication. Configuring VMware Cloud Services Multi-Factor Authentication is not supported from VMware vRealize Automation. Use of this policy can result in service limitations.
Evolution of the ABX On Prem engine
ABX On Prem now uses the next generation On Prem engine, which has advanced performance and scalability. The new FaaS is much faster, fixes numerous issues with memory limits, and introduces memory-based throttling. You can also troubleshoot action runs more easily with additional logging capabilities.
The new on prem engine includes these improvements:
As part of continuous security improvements, related to SSL verification when calling systems with untrusted certificates from the action, an additional configuration might be needed in the action’s code which is explained in KB 88278. In future releases, we plan to provide an easy way to trust such certificates by importing them from the UI and no longer skip SSL verification.
Azure properties under protectedSettings should be encrypted
The Azure provisioning extension property under protectedSettings is now encrypted.
Enhance day-2 operations for TKGs clusters - Update K8s version, Update Tanzu Cluster VM classes, Scale worker nodes
vRealize Automation now supports day-2 operations for TKGs clusters to add further automation. When you have provisioned a Tanzu Kubernetes Cluster as a Deployment, you can execute one of these operations:
Approval policy now includes multi-level approvals
Approval policies now include multi-level approvals. Approvals can be set to specific levels, with all matching policies firing sequentially based upon the criteria selected. This includes a revamped approval progress screen to show the levels currently pending or approved, and the approver pending a decision to better inform the end-user of their approval flow status. Learn more.
Provisioning should support approval policy with limit > 2 days
The Project's request timeout value has been disassociated with the allocation timeout for provisioning service objects, and vRealize Automation now sets that to a value greater than the maximum approval policy period. Customers should no longer see errors at provisioning time for objects that were pending approval for more than 2 days.
Request ID is now displayed in deployment request history
Request ID is now displayed for each action on the deployment History tab. You can leverage this information for debugging and billing purposes.
Ability to provision NSX-T On-Demand VLAN Segments - VCT support
You can provision NSX-T VLAN segments by specifying one or more VLAN IDs on a private NSX network type. This can be used in cases where your overall design prohibits you from provisioning overlay networks on NSX-T. As part of this feature, we also collect and display information about VLAN transport zones, which should be selected in the network profile so that VLAN networks can be created. Learn more.
Custom Naming has been revamped to include expanded functionality
Custom Naming has been revamped to include expanded functionality.
Allow global configuration of memory allocation limits
A global configuration property has been added that sets the maximum memory allocation amount on an individual host or cluster for the entire org.
Support change owner Day2 action for single user that is part of an AD group
Support changing deployment owner to users that are part of AD groups which are project administrator or project member.
Note: If a user is a project viewer or supervisor, they are not eligible to be owner of a deployment.
Online vRA 7 Assessment in vRA Cloud
You can now use the vRA Migration Online Assessment feature to determine the migration readiness of your vRealize Automation 7 and vRealize Orchestrator source environments from VMware Cloud Assembly.
The online assessment in vRA Cloud:
Changing deployment projects for provisioned deployments
The day 2 action to change project is now enabled for provisioned deployments. Provisioned deployments can contain any number of Machines, Disks, Resource Groups, Load Balancers, Networks, Security Groups, NATs, and Gateways. If a provisioned deployment is updated to contain either a resource not listed above (for example, a Terraform configuration) or an onboarded/migrated resource, the change project action is not available. If the resource is deleted, then the change project action becomes available again.
SaltStack Config available as a resource type within Cloud Templates
You can now natively deploy and configure a salt-minion as part of a Cloud Template as a day-0 operation by dragging and dropping directly on to the canvas to attach the SaltStack Config resource type to one or multiple virtual machines. The new resource type is found under SaltStack on the left-hand resource menu.
Updated vRealize Automation plugin for vRealize Orchestrator with versions 8.4.2+
Updated plugin version is now available here: https://marketplace.cloud.vmware.com/services/details/vmware-vrealize-orchestrator-plug-in-for-vrealize-automation011-1?slug=true
The plugin now supports:
For complete functionality description, please check the “Documents” section in our new vRealize Orchestrator community page: https://communities.vmware.com/t5/vRealize-Orchestrator/ct-p/1303
Custom validation for catalog item by custom forms now supported via API
vRealize Automation now supports custom validation with the API. With this new feature, you can design a catalog item with a custom form and external validation via the API. When the user creates a deployment from the catalog item via the API, the validation is executed. If the validation fails, the API response contains validation error messages.
Custom Remediations for SaltStack SecOps
You can now import advisories that aren't supported by SaltStack SecOps. Custom remediation files can be attached to an advisory for automated remediation. Learn more about custom remediation.
Dynamic Job Inputs for SaltStack Configuration Jobs
Reduce, reuse, and delegate your IT automation and configuration management outcomes with Dynamic Jobs.
Optional inputs in property groups
Input property groups now support optional input. In a property group, all properties are optional by default. In order to mark all non-Boolean properties without a default value as required, add the following cloud template property to the desired property group:
populateRequiredOnNonDefaultProperties: true
If the above property is omitted or set to false, then all properties will be treated as optional (which is the default behavior).
Retain deployment creation date for migrated deployments
Deployments moved by the migration tool now retain the original creation date.
Deployment Limit Policy support for storage
Deployment Limit Policy now supports storage constraints on both day-0 provisioning and day-2 actions including: resizing, adding, and deleting disks. Learn more about deployment limit policies.
Removal of infrastructure machines and volumes view
The infrastructure machines and volumes view has been replaced with the virtual machines and volumes view in the Resource Center under the Resources top level tab. The permission for machines view is no longer available.
Marketplace Retirement
The Marketplace integration within vRealize Automation has been retired.
Custom forms supports bind field and conditional value to any input or variable
Custom Forms Field/Tab visibility configuration now supports the 'Bind field' Value Source. You can now bind the visibility of a Field or a Tab to another field of type 'Boolean' (i.e. Checkbox).
Service Broker cache for custom form actions
Service Broker now issues the minimal amount of requests to resolve External Source values by making better use of its internal caching mechanism. Upon changing the project field, all cached values are cleaned, but caching is still active for the current vRO integration. Duplicate requests are properly marked based on all relevant information for the request.
Seamless synchronization between external IPAM provider server and vRA IP ranges.
When an IP range from an external IPAM provider is deleted, the state is automatically detected and deleted in vRA. The deleted external range is no longer visible, and cannot be associated with networks or cause failures and "orphan" range experiences on vRA customer site.
Resources Tab
The "Deployments" tab is now renamed to "Resources" as we continue to expand the functionality of the Resource Center and increase visibility of discovered objects.
Resource Center - Simplified view of discovered resources and day 2 actions
Following the last release of Resource View, vRealize Automation enhanced the Resources tab to help cloud admins and end users manage cloud resources across compute, storage, networking, and security. The new features include:
vRA Ansible Integration supports 2.11
Inter-op support has been increased to Ansible 2.11.5. Ansible 2.11 is the latest stable Ansible version and customers can now use this version when running playbooks with the vRA Ansible integration.
Approval policy now supports AD groups
Approval policies in Service Broker now support AD groups as approvers, as opposed to only accepting individual users. Learn more about approval policies.
Onboarding support for IPv6
Onboarding plans now support machines which have IPv6 addresses.
vRealize Standard+ now supports 11 additional languages
As part of the ongoing integration of the SaltStack products into VMware, we have completed the translation and release of vRA STD+ in 11 languages, making it easier for our users around the world to take advantage of the powerful capabilities in the vRA STD+ product. vRA STD+ is now available in the following languages: German, French, Spanish, Japanese, Korean, Simplified Chinese, Traditional Chinese, Russian, Dutch, Italian, Brazilian Portuguese.
vRealize Log Insight content pack for vRealize Orchestrator v8.3+ now available
The VMware vRealize Orchestrator (vRO) content pack complements the vSphere content pack and provides a consolidated summary of log events across all vRO components of the environment. The vRealize Orchestrator 8.0+ (vRO 8.0+) content pack for Log Insight provides you with important information across all components of your vRealize Orchestrator 8.3+ environment.
The vRO 8.0+ content pack enables:
Content pack can be found here: https://marketplace.cloud.vmware.com/services/details/vrealize-orchestrator-8-0-log-insight-content-pack-dist-1-1?slug=true
Plug-in API compatibility updates for VUM plug-in
The VUM (Update Manager) plug-in now supports vSphere 6.7, 7.0, 7.0 U1, 7.0 U2. This enhances support beyond the original vSphere 6.5 API. With VUM you can perform these actions:
UI Updated to Angular 12
The UI has been updated to Angular 12. This is a seamless update and we foresee no customer impact.
Access all your vRealize Automation Cloud documentation in one place
To simplify your experience in using the vRealize Automation product documentation, we combined the vRealize Automation 8.x and vRealize Automation Cloud product documentation in a single vRealize Automation Documentation Center.
Explore the vRealize Automation Documentation Center.
Deprecated Functionality: Migration assistant update
Starting in the February 2022 release, vRA will support migrations via Migration Assistant only from vRA 7.6. Migration Assessment for older versions will continue to work.
Approval API: Incompatible change in response attribute
The response attribute has changed from "phase" to "level" in the following API calls:
get /approval/api/approvals
get /approval/api/approvals/{id}
Assign icons to onboarded deployments
To give end users more information about deployments, vRA Cloud updates the deployment Edit action to support assigning custom icons to onboarded deployments.
SaltStack and Carbon Black integration
Carbon Black and SaltStack SecOps are now integrated to pass information from Security Teams to Infrastructure Teams. This integration passes Carbon Black's findings into the SaltStack SecOps framework for action through remediation. By leveraging Carbon Black's security scanning capabilities along with the SaltStack action arm, companies can quickly find and fix vulnerabilities in their infrastructure, which reduces exposure and eliminates adversaries' ability to exploit these vulnerabilities.
Scale out migrated deployments
After the Cloud admin migrates deployments, you can scale out existing resources within that migrated deployment.
Migrate property groups with external values
The Migration assistant tool now supports the migration of property groups with external values.
Create Extensibility Subscription for lease expire
Cloud admins can extend the machine management process and trigger specific actions when a machine lease is expiring. This allows them to perform a variety of automated tasks such as backing up the machine or adding additional monitoring.
Deployment Limit Policy to define Deployment and Deployment Resource Limits
The Deployment Limit Policy allows Cloud Admins to define Deployment limits to restrict CPU count, Memory, and VM count. These policies also allow Cloud Admins to define Deployment Resource limits to restrict CPU count and Memory of specific resources within a larger deployment. These policies are enabled by default for an entire organization, but can be scoped down using familiar criteria such as applying to a certain project, being deployed from a specific VMware Cloud Template, or containing a certain tag. The Deployment Limit Policy also is enforced against any resize actions performed after a successful deployment that falls within the scope of the policy. Learn more.
Assign VCT to onboarded deployments
You can assign a VMware Cloud Template (VCT) to onboarded deployments.
Note: VMware Cloud Template assignments are for visual representation only and updating the onboarded deployments by iterating on the assigned template is not supported.
Ability for DevOps project users to create a TKGs cluster
DevOps project Users can now create TKG clusters.
SaltStack SecOps support for Tenable import scans of Windows systems
Users who leverage Tenable now have the ability to import scans for Windows systems as well as Linux systems.
Offline vRealize Automation 7 Migration Assessment in vRealize Automation Cloud
In Cloud Assembly, you can perform an offline vRealize Automation 7 to 8 migration assessment in vRealize Automation Cloud without deploying a vRealize Automation 8 instance. For more information, see the vRealize Automation Cloud Transition Guide.
Support Puppet Enterprise for machines without a public IP address
You can register machines without a public IP address.
Ability to configure name of Azure NIC interfaces
You can use the new API to configure a name of NIC for a VM running on Azure. Learn more about using extensibility actions to configure a NIC name.
Note: This is only supported using API and not using VCT.
Resource Quota policy additional day 2 governance
In this release, vRealize Automation Cloud includes Resource Quota Policy enhancements that add additional support for Day2 actions. Quotas now properly account for Day2 actions that affect allocations including disk and machine resizes. Learn more about resource quota policies.
Ability to add External validation to a custom day2 action
You can apply a complex validation to the user inputs on the custom day2 request form. The validation is run externally as a vRealize Orchestrator action and prevents you from submitting the request form until the validation is complete. Learn more.
New VMware Salt Modules Available
We are pleased to announce the release of Salt modules for vSphere/ESXi, NSX, and VMC. These modules were developed as a collaborative effort between VMware and the Salt Open Community and are available under the Salt GitHub project in 'Salt Extension Modules for VMware'.
New "Project Supervisor" role for approvals
This release introduces a new out of the box role called "Project Supervisor" which can be used for approving deployment requests. Any user with this role can serve as an approver only for that specific Project. Learn more.
Onboard vSphere networks
You can onboard vSphere network objects along with the VM while executing the onboarding plan. When a VM is onboarded, the attached vSphere network object is also onboarded and the network object is shown on the deployment canvas.
Indicate vRO based catalog item status
Based on the status of vRO workflow, you can see if any items are valid/invalid/out of sync.
Custom Resources with extensibility actions
Application architects can use extensibility actions in cloud templates to build complex applications. They can create custom resources based on extensibility actions and assess lifecycle operation and day2 context actions. The extensibility action script can return text that can be directly populated as a custom component on the design canvas. Learn more.
Kubernetes support in Code Stream Workspace
The Code Stream pipeline workspace now supports Docker and Kubernetes for continuous integration tasks. The Kubernetes platform manages the entire lifecycle of the container, similar to Docker. In the pipeline workspace, you can choose Docker (the default selection) or Kubernetes. In the workspace, you select the appropriate endpoint. The Kubernetes workspace provides:
You can also choose to create a clone of the Git repository.
Ability to configure machine tags in VCT for VMs deployed in VMC
You can configure machine tags for a VM deployed on VMC and update the tag after initial deployment. These tags are used to dynamically assign a VM to an appropriate security group. This builds on a similar capability introduced for NSX-T in an earlier vRA release. Learn more.
Ability to change default Active Directory OU settings after VM provisioning.
You can now configure a special custom property in the YAML template and move the machine to a different OU after the post-provisioning task.
Cloud Templates with dynamic vRO inputs
You can leverage dynamic inputs in native Cloud Templates when vRO workflow based dynamic values are enabled in the Cloud Templates inputs. Learn more.
Allow IPAM settings to be an input property on machine NIC component in the blueprint
Prior to this feature, IPAM properties always came from the network that the NIC targets. This feature allows customers to directly set gateway addresses, domain, DNS and DNS search domain via VCT and ignore the properties from the network.
CodeStream API changes
Workspace section in pipeline has two new fields to support k8s based workspaces.
POST /codestream/api/pipelines
GET /codestream/api/pipelines/{id}
GET /codestream/api/pipelines/{project-name}/{pipeline-name}.workspace
In the request/response payload
Workspace Type: Two new fields are added
"type" - indicates type of workspace (defaults to docker and backward compatible)
"customProperties" - a key value pair to customize k8s workspace
New version of Cloud Assembly IaaS API
This is the new version of Cloud Assembly IaaS API. Users can call this version by using the parameter apiVersion='2021-07-15'.
Notable changes in the new Cloud Assembly IaaS APIs:
The first version of the Cloud Assembly IaaS API which is 2019-01-15 is deprecated and will be supported for 12 months.
All requests executed without the apiVersion parameter are redirected to the first version of the Cloud Assembly IaaS API, which is 2019-01-15. This redirect allows users who have not yet specified the apiVersion parameter to transition smoothly to the new version '2021-07-15' without experiencing breaking changes.
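An audit of client request URLs for the apiVersion behaviour described above, as an added example that is not VMware code. The host name, the `/iaas/api/` path prefix, the sample request list and the function names are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

CURRENT = "2021-07-15"      # new version named in the release note
DEPRECATED = "2019-01-15"   # first version; also applied when apiVersion is absent
IAAS_PREFIX = "/iaas/api/"  # assumption: base path of the Cloud Assembly IaaS API


def classify(url):
    """Classify one request URL by the API version the service will apply to it."""
    parts = urlsplit(url)
    if not parts.path.startswith(IAAS_PREFIX):
        return "skip"  # not an IaaS API call, the apiVersion rule does not apply
    values = [v for k, v in parse_qsl(parts.query, keep_blank_values=True)
              if k == "apiVersion"]
    if not values:
        # Per the release note, such requests are redirected to 2019-01-15.
        return "implicit-deprecated"
    if len(set(values)) > 1:
        return "conflicting"  # two different versions in one query string
    if values[0] == DEPRECATED:
        return "explicit-deprecated"
    if values[0] == CURRENT:
        return "current"
    return "unknown-version"


def pin(url, version=CURRENT):
    """Return the URL with exactly one apiVersion parameter set to `version`.

    Other query parameters are kept in order. The pinned URL is a proposal:
    review the call against the new version's changes before switching.
    """
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "apiVersion"]
    query.append(("apiVersion", version))
    return urlunsplit(parts._replace(query=urlencode(query)))


def audit(requests):
    """Return (method, url, status, pinned_url) for every call needing attention."""
    findings = []
    for method, url in requests:
        status = classify(url)
        if status not in ("skip", "current"):
            findings.append((method, url, status, pin(url)))
    return findings


# Constructed sample of requests a client script might issue.
SAMPLE_REQUESTS = [
    ("GET", "https://vra.example.test/iaas/api/machines"),
    ("GET", "https://vra.example.test/iaas/api/projects?apiVersion=2019-01-15"),
    ("GET", "https://vra.example.test/iaas/api/machines?apiVersion=2021-07-15"),
    ("DELETE", "https://vra.example.test/iaas/api/deployments/example-id?forceDelete=true"),
    ("GET", "https://vra.example.test/approval/api/approvals"),
    ("GET", "https://vra.example.test/iaas/api/machines?apiVersion=2019-01-15&apiVersion=2021-07-15"),
]

if __name__ == "__main__":
    for method, url, status, pinned in audit(SAMPLE_REQUESTS):
        print(f"{status:20} {method} {url}\n{'':20} -> {pinned}")
```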
Project Administrator can act as Approver for all approval requests
When creating an approval policy, administrators can select a Project Administrator (for the project in which the approval was triggered) as the approver. This means a policy can be created once, for the organization, or a group of projects, instead of a policy per project with specific user(s) as approver. Learn more.
Configure when IP address from IPAM is released
You can configure how long it takes for an IP address to be released from allocation once it is no longer used. This allows for faster provisioning of new workloads where IP addresses are scarce. There is no change to the default behavior, where it can take up to 30 mins before an IP address is released after it is no longer used. Learn more.
VMware vRealize Orchestrator plug-in for vRealize Automation 8.5 and vRealize Automation Cloud
The updated vRealize Automation plug-in supports scripting objects generation such as cloud accounts, cloud zones, projects, tags, and CRUD operations to build your own content. For each object, some sample content is provided by default. Learn more.
Technical limitations:
Enable resources across Azure regions to be added to the same resource group
An Azure resource group is created in an Azure region. However, resources from any Azure region can be added into it. This feature enables admins to add resources from other regions into the Azure RG. Learn more about working with Azure resource groups.
NVDS-CVDS Migration Support
The infrastructure admin can migrate vSphere NVDS to CVDS and have vRA update its state including networks and deployments with new information. Additional considerations apply if using vSphere network representations in vRA.
Snapshot management for Azure disks
You can now pass the resource group name, encryption set, and network policy while creating the disk snapshot. This builds on previous Azure disk snapshot functionality introduced in a prior release. Learn more about Azure snapshots.
Ability to enable/disable boot diagnostics for Azure VMs - Day 2
You can enable/disable boot diagnostics for Azure VMs as a day 2 action. This builds on the ability to enable this as a Day 1 action, introduced in a prior release. Learn more about the day 2 boot diagnostic actions.
Notifications
The Service Broker administrator can view the list of available email notification scenarios and enable or disable them for all users in their organization:
Learn more about notifications.
Support for existing global security group as part of NSX-T Federation
vRealize Automation can now discover global security groups configured under NSX-T global manager. These groups can be leveraged in network profiles and VMware Cloud Templates to build deployments. This builds on initial support for NSX-T Federation introduced in the May 2021 vRA release. Learn more.
Day 2 Install of Salt Minions
You can deploy a Salt Minion on a previously deployed VM resource as a day 2 action. Learn more about the day 2 Salt configuration action.
Day 2 Application of Salt State Files
You can apply one or more Salt State files to a previously deployed VM resource as a day 2 action. Learn more about the day 2 Salt configuration action.
Custom Roles API
The APIs for Custom Roles (RBAC) are now available (Create, Read, List, Update, Delete).
To access API specifications for Custom Roles, see https://www.mgmt.cloud.vmware.com/project/api/swagger/swagger-ui.html?urls.primaryName=rbac%3A2020-08-10
Disks added through vRO and extensibility reflected on deployment (topology) diagram
Disks that were added using vRO workflows or ABX with vRA APIs at the time of initial provisioning are also reflected on the deployment design canvas. All current day 2 actions are available for these disks.
Support for Microsoft Azure Disk Encryption Set
The Microsoft Azure disk encryption set supports:
Property group enhancements (vRO, secrets)
Property groups can now:
Shared IP range for multiple networks
It is now possible for vRA to assign the same IP range coming from internal or external IPAM to multiple networks. Learn more.
Provider Events triggered upon tenant resource CRUD
Events in the provider organization enable the provider to trigger subscriptions and write in the CMDB etc. (or for billing purposes). These events are only for resources that the provider must have visibility into. No deployment level events are triggered in the provider org, for tenant deployments.
Limit the number of namespaces for a project on a K8s zone
Prior to this, there was no per K8s zone limit for projects. This feature introduces a configurable limit for the max number of supervisor namespaces that can be deployed for the project on a given K8s zone.
Support for Snapshot management of Microsoft Azure disks
The Microsoft Azure disk snapshot management now supports:
Resource view for deployments
In addition to the existing deployment view, you can now use the new resource view to monitor and manage your resources:
Parallel day 2 actions for deployment resources
Allow multiple resources in the same deployment to go through day 2 actions at the same time.
Property group enhancements (RBAC, cloud template association)
Property groups are enhanced with several new features:
Additional policy criteria attributes across all policy types
Several new resource-based deployment criteria attributes are now consistently available across all policy types and enhance the policy based multi-cloud governance capabilities.
Some of the resource attributes include:
Scoping a policy to multiple projects
Scoping a policy to multiple projects allows cloud administrators and project administrators to define policies that can apply to one project, across multiple projects, or the entire organization. Scoping can be done by leveraging a set of project-based criteria available across all policy types. Expanding the scope of a policy so that it can be applied to multiple projects in an organization allows a policy to be defined once and reused across multiple projects. Scoping enhances the multi-cloud governance capabilities. Learn more.
Policies: Define and enforce resource limits using resource quota policies
Cloud administrators can now control the consumption of resources across the entire organization and in projects by setting and enforcing reusable resource quotas or consumption limits on certain metrics, such as CPU, Storage, Memory, or number of instances.
This allows cloud administrators to gain more visibility into the consumption of a finite set of shared resources and enforce policy-based governance on resource quotas across the entire organization, per project, or per user. Learn more.
Ability to enable or disable boot diagnostics for Azure VMs - Day0
You can toggle boot diagnostics for VMs provisioned in Azure with the VMware Cloud Templates.
Ability to enable or disable log analytics for Azure VMs
You can toggle log analytics for VMs in Azure.
Support of NSX Federation with NSX-T Cloud Account (Global Manager / Local Manager, existing networks)
With an NSX-T cloud account, it is now possible to connect to NSX-T Global Manager and configure an association between NSX-T Global Manager and Local Managers in the context of the NSX-T Federation. Learn more.
SaltStack Config Cloud Template Integration
SaltStack Config integration is further enhanced to support:
Support for VMware Cloud on AWS (VMC) on Dell EMC
Continued validation management of workloads running in all flavors of VMware Cloud. The latest addition to this effort is VMC on Dell EMC infrastructure deployed at the edge.
Custom resource action troubleshooting
Ability to create subscriptions based on custom resource pre and post events
Cloud administrators can trigger action runs before and after custom resource provisioning.
Storage Policies
IaaS API
Force delete functionality to the IaaS API endpoint for deleting deployments. The option is used with the “forceDelete” query parameter.
vRO plug-in
The VMware vRealize Orchestrator Plug-in allows interaction between vRealize Orchestrator and vRealize Automation.
The preconfigured workflows provided with the plug-in help you deploy and manage resources in vRealize Automation in an automated way. In addition to the provided workflows, you can create and run custom workflows. Newly provided content in vRO that is compatible with vRealize Automation provides solutions to the main customer use cases, letting you create and run workflows for the main functions such as managing projects and users, using custom types, and managing VMs. Learn more.
The March Cloud release supports:
Required: To use the plugin, you must download and install it from the marketplace.
Support for multi-vm/disk configuration
Add disk with different sizes
Cloud templates allow configurations of different size disks.
Disk placement should align with the VM in Workload placement\Multi-VM scenario
Previously, when creating multiple VMs in a single deployment (using the count field), the disk might not attach to the same cluster that hosts the VM. Now, with vROps enhancements, the disk placement is always on the cluster that hosts the VM for optimal performance.
Policy criteria support for resource tags across all policy types
Support for resource based tags as additional criteria allows cloud administrators to define granular policies that can target deployments with resources that have specific tags.
The resource tag policy criteria clause is consistently available across all policy types.
Networking: Reconfigure Existing Security group for vSphere and VMC - Iterative and Day 2
Reconfigure Security Group (Day-2 and Iterative deployment) action allows you to modify, add, or remove rules of an existing security group for a running application in vSphere or VMware Cloud on AWS. See Day 2 Actions.
Changing deployment projects for onboarded deployments
You can use the Change project action to update a project as a day 2 action for onboarded deployments.
Single secret store
You can now create project service secrets. Secrets can be used to add encrypted input values to your extensibility actions. The extensibility action secrets feature added with the December 2020 release is now known as extensibility action constants. Learn more.
Action constants share the same list as the project service secrets. There is no action needed for users who have existing extensibility action constants from the previous release.
Operations center: optimizable deployment filter
Added a filter for deployments to be optimized: optimizable resources only.
When vROPs detects that there is a deployment that has optimization available:
Operations center: Custom roles and other enhancements
Functionalities of HCMP (Insights, Alerts and Optimizations) can now be filtered by custom roles having read only/read write access to Cloud Zones, Projects, and Deployments. See organization and service roles, and custom roles.
Cloud zone insights now show projects along with their reclaimable capacity.
Optimizable deployments can now be filtered from the deployment list to easily reach them.
Specify order and SCSI controller for vSphere disks
When creating new disks with deployments:
Support for disks which are part of the image template
There can be instances where an image template has disks in addition to the boot disk. In such cases, these disks are supported for day 2 actions. You can view these disks under the VM details. You can also take day 2 actions such as resize on these disks. This resize action is shown as the VM object in the deployment diagram and lists all disks connected to the VM. See Day 2 Actions.
Support for Azure image gallery
The image gallery supports:
Snapshot management for Azure disks
You can create and manage disk snapshots with Azure deployments.
Support for Azure disk encryption sets
Azure disk encryption sets to support these use cases:
Enhanced support for Azure availability sets
Enhancing the support for availability sets to address these use cases:
Changes to permissions and logging for Azure-based extensibility actions
Microsoft Azure 3.x Scripting API support introduces changes to Azure-based extensibility actions:
Ansible enhancements
Puppet enhancements
Event Broker enhancements
Ability to add subscriptions at post provisioning stage and before power on.
IPAM registration for vRealize Automation 7.x workloads while onboarding
When onboarding resources that are part of vRealize Automation 7.x, the IPAM registration is updated for the onboarding workloads. This ensures that there is no duplicate assignment with the IPAM provider and also ensures the IPs come back to the pool once the workloads are deleted.
Unregister onboarded machines
You can now unregister onboarded machines.
GCP Sole Tenancy
You can now set a custom property to take advantage of the GCP Sole Tenancy capability (dedicated host).
Networking: Change On-Demand and Existing Security groups for VMC - Iterative and Day 2
The Change Security Groups (Day-2 and Iterative deployment) action now allows you to associate or dissociate a security group (existing/new), which is part of VMware Cloud on AWS deployment, to one or more machines in the deployment. You can attach or detach the security group in blueprint to and from respective machines, and update deployments with this new topology through iterative development.
If you want to add an additional security group (existing or new), which is not part of deployment, to one or more machines in the deployment, you can add the additional security group in blueprint and attach it to machines, and update deployments with this new topology through iterative development.
Networking: Reconfigure On-demand Security group for VMC - Iterative and Day 2
The Reconfigure Security Group (Day-2 and Iterative deployment) action now allows you to modify, add, or remove rules of an on-demand security group for a running application in VMware Cloud on AWS.
Support for AVS
With this release, vRealize Automation Cloud is tested and certified to work with VMware's hosted cloud solutions on Microsoft Azure, called Azure VMware Solution (AVS). Workloads running in AVS can now be managed by vRealize Automation Cloud after setting up vCenter and NSX-T cloud accounts. For more information on AVS, see Azure VMware Solution Documentation.
CloudHealth integration for public cloud costing
Integration with CloudHealth provides cost visibility at two levels - Deployment and Project. The integration supports collection cost information for both AWS and Azure. Once the integration with CloudHealth is set up, the cost information is automatically collected for the workloads.
Storage allocation as per full VM size
Storage for template/content library based deployments is now allocated at the beginning of deployment for the full deployment size, including image data disks, without impacting Workload placement with vROps. This also includes the capacity of any data disks which are part of the template.
Simplification of onboarding workflow
The onboarding plan creation workflow is simplified to make it easier to bring VMs under management. The rules option is now deprecated and the workflow allows direct selection of machines. The machines view now shows only those VMs which were explicitly selected by the user.
Hostname in Ansible Tower
When a machine is provisioned, the IP Address of the machine is added in the Ansible Tower instead of hostname. In this release, Hostname is added as ansible_host variable in Ansible Tower. The Hostname or FQDN string can be passed to Ansible Tower from Cloud Templates.
Policy criteria support for additional Integer/String operators
Integer and String based operators are now supported for policy criteria to allow the cloud administrator to define policies with additional granularity.
Integer operators: greater than, less than, equal and less than, or equal can now be used for criteria clauses 'Total Memory (MB)' and 'CPU Count'.
String operator 'contains' can now be used for criteria clauses 'Created By' and 'Owned By'.
Cancel pending action with approval
Previously, when an action was cancelled the pending approval request was not cancelled or cleared. Now, cancelling the pending action before it gets approved also cancels the pending approval.
Organization Customization
Cloud Provider partners can brand their organization and their tenants’ organizations with their logo, service names, and colors. This functionality is available to all customers.
Networking: Additional properties in IPAM SDK action schema
IPAM SDK action schema is extended to include the following properties:
Non-overlapping cloud zones
Cloud zones represent compute capacity and include compute resources (vCenter clusters, hosts or resource pools for VMware Cloud, availability zones for AWS, Azure and GCP).
Cloud zones are defined in one of three ways:
Prior to the January 2021 release, the same compute resources could be a member of multiple cloud zones.
In this release, cloud zone definitions no longer include the same underlying compute resources.
All existing cloud zone definitions continue to work the same way, however the user is notified when a cloud zone includes a compute resource that is already a member of another cloud zone. Modify and re-save cloud zones to make them distinct.
Note: Auto-generated cloud zones (during cloud account creation) are associated with the underlying compute resources after the data collection. For dynamically defined cloud zones (tag based), when the tags are updated for the underlying compute resources, the cloud zone definitions are updated after the next data collection cycle.
Support for Google Cloud VMware Engine
vRealize Automation Cloud is tested and certified to work with VMware's hosted cloud solutions on Google Cloud Platform, called Google Cloud VMware Engine (GCVE). Workloads running on GCVE are now managed by vRealize Automation Cloud after setting up vCenter and NSX-T cloud accounts. For more information, refer to Google Cloud VMware Engine documentation.
What's New December 2020
vRealize Orchestrator in vRealize Automation Cloud
Important: vRealize Orchestrator roles cannot be leveraged directly in vRealize Automation Cloud. This means you cannot add vRealize Orchestrator roles, such as administrator and workflow developer. Roles for the vRealize Orchestrator integration in vRealize Automation Cloud are managed through Cloud Assembly service roles. For administrator rights, the user needs the Cloud Assembly Administrator role. For workflow developer rights, the user needs the Cloud Assembly User role. Learn more.
Important: Integration of new SaaS-enabled vRealize Orchestrator 7.6 instances is no longer supported. Existing vRealize Orchestrator 7.6 SaaS integrations will continue to operate, but you cannot update the configuration of these integrations. To migrate these vRealize Orchestrator 7.6 SaaS integrations to your new vRealize Orchestrator 8.x integration, see Migrating a vRealize Orchestrator 7.6 SaaS instance to the cloud extensibility proxy.
Create, store, and use cloud template secrets
The "secure properties" feature stores and encrypts sensitive data in the database. This data is hidden from all areas. You can create and encrypt secret variables for project scope under infrastructure administration, and use in cloud templates. For more information, see How to create and reference a secret Cloud Assembly property and How to use secrets in vRealize Automation Terraform integration.
Create, store, and use extensibility action secrets
You can now enhance your extensibility actions by using secrets. Extensibility action secrets are useful for use cases where the input parameters of your extensibility action include sensitive data, such as passwords or certificates. Learn more.
Networking: NSX-T Tier-1/ NSX-V ESG sharing within a deployment
Networking: New NAT resource type for port forwarding (DNAT rules) support for NSX outbound networks
In a previous release, port forwarding (DNAT rules) supported NSX outbound networks with the Cloud Template resource type, Cloud.NSX.Gateway. This allowed DNAT rules to be specified for the gateway/router connected to the outbound network.
In this release, a new Cloud Template resource type, named Cloud.NSX.NAT, is available in the Cloud Template to define DNAT rules for the deployment. Learn more.
Note: The Cloud.NSX.Gateway resource type is still supported and is used for NAT rules strictly for backward compatibility. However, this will be removed in a future release. Going forward, users will have to use the Cloud.NSX.NAT resource type for defining DNAT rules, and use the Cloud.NSX.Gateway resource for defining shared NSX-T Tier1 or NSX-V ESG.
Networking: Reconfigure On-Demand Security group - Iterative and Day 2 - NSX-T
Reconfigure Security Group (Day-2 and Iterative deployment) action is only supported for NSX-T on-demand security groups. It allows you to modify, add or remove rules of a security group for a running application. Learn more.
Add custom properties while onboarding VMs
While onboarding VMs, you can specify custom properties to add during onboarding. You can specify these at an onboarding plan level. You can also remove these properties from individual VMs if the addition is not required. Learn more.
Support attached disks with onboarding
You can onboard disks as part of an onboarding plan and perform all Day 0\1\2 operations. This feature only supports disks that are attached to the VMs. For more information, see What are onboarding plans in Cloud Assembly.
Property Groups
Property groups help you work more efficiently by reusing groups of properties, storing metadata, and tracking resource usage.
For more information, see How to reuse the same properties in different designs.
Improvements in Custom resource types and custom day2 actions
Enhance custom resource request forms and configuring resource types with powerful workflows and dynamic request forms.
Custom Forms enhancements
Multi Value picker enhancements
Deployment request status as a filter
You can filter deployments by the last request status or the deployment lifecycle status. Learn more
Notify cloud consumers for optimization and enable consumers to take action
As a cloud administrator, you can alert project owners of optimization opportunities. Enable deployment owners to optimize deployments, by providing recommendations and actions in-context for deployments. Learn more.
Active directory per cloud template
Admins can now allow further active directory (AD) integration modification at the Cloud Template level.
Resource Utilization for consumers.
You can display the total consumption of resource usage (CPU, memory, storage) per end user. When an end user logs in, the amount of consumed resources is displayed. Learn more
Documentation changes
Use cases and examples are now in a new Tutorial section. Added new tutorials.
What's New November 2020
Storage - Datastore, storage profile selection optimization
When multiple storage profiles are eligible for placement, this criteria is used for placement optimization:
Performance Improvements
Support for AWS Dedicated Instances
Create dedicated instances when provisioning in AWS. To enable this, you have to set a specific property in the cloud template (dedicatedInstance:true). This enables the user to derive all the benefits of using dedicated instances in AWS.
Change deployment ownership
Change deployment ownership as admin or member - for any project admin/member. You can also set a policy with regards to the deployment owner.
Alert synchronization from vROps
Load Balancer - Health monitor settings for NSX-V and NSX-T
Reconfigure On-Demand Security group
Reconfigure Security Group (Day-2 and Iterative deployment) action is only supported for NSX-T on-demand security groups for now. It allows the user to modify, add or remove rules of a security group for a running application. Learn more.
Terraform provider enhancements
Infoblox - filter data collected to optimize performance
Support Day 2 Disk creation into an SDRS datastore cluster
Support day 2 actions to create new disks when:
What's New October 2020
Deployments - Change ownership
Change deployment ownership as admin or member for any project member.
Custom property update via API
Update custom property for machines through IaaS API.
Reuse Azure resource groups
Ensure there is no sprawl of resource groups and help simplify management.
Cloud zone capacity and consumption Insights
Networking: Change Security Group - Iterative deployment
Change security groups for a machine component using iterative development. Learn more.
Multi-tenancy
What's New August 2020
vRealize Automation Blueprint name change to VMware Cloud Templates
Terraform Configuration as a VMware Cloud Templates Resource
Terraform open source configurations are now integrally supported by VMware Cloud Templates. Cloud Administrators can integrate Terraform configurations stored in Git and release as self-service catalog items. Select capabilities include the following. Learn more
Multi-tenancy: Centralized Management of Tenant Infrastructure
The capability for a provider to allocate provider-managed infrastructure to their tenants. Learn more.
Custom Role Based Access Control (RBAC)
Base concepts:
Available configurable permissions:
XaaS Custom Resource and Custom Action Enhancements
Support 1:N Association Between NSX-T Manager and vCenter
NSX-T Policy Mode Support
NSX Load Balancer Configurations - Logging Level, Algorithm, Type, NIC, and VIP
Port Forwarding
Networking Day 2 – Reconfigure Security Groups
vSphere 7 Supervisor Namespace as a Cloud Templates Resource
ITSM Plug-in 8.1.1
Custom Forms
Catalogs in Native ServiceNow Catalog
Scaling Improvements
New Version of the REST API
As of August 25, 2020, a new version of the REST APIs is available with all releases. The new version increases resource support to 300 resources per deployment and provides performance improvements. If you are an API user and have not locked your API to a version before, you might encounter a change in an API response. As a best practice, you should lock your API to the latest version which is apiVersion=2020-08-25. In this way, you ensure that your API responses do not change unexpectedly with an API update. If left unlocked, your API requests will default to the latest version.
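The version lock described above can be enforced in client code and audited across existing automation. The following is an added example, not VMware code: the host `vra.example.invalid`, the request paths and the extra query parameters are constructed placeholders, and only the `apiVersion=2020-08-25` value comes from this page.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

PINNED_VERSION = "2020-08-25"  # value stated in the release note above

# Constructed sample request URLs (placeholder host, illustrative paths).
SAMPLE_URLS = [
    "https://vra.example.invalid/iaas/api/machines",
    "https://vra.example.invalid/iaas/api/machines?page=2",
    "https://vra.example.invalid/iaas/api/machines?apiVersion=2020-08-25",
    "https://vra.example.invalid/iaas/api/machines?apiVersion=2019-01-15",
]


def _api_versions(url):
    """Return every apiVersion value present in the URL's query string."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [value for key, value in pairs if key == "apiVersion"]


def pin_api_version(url, version=PINNED_VERSION):
    """Return url carrying exactly one apiVersion parameter set to version.

    Other query parameters keep their order. A URL already locked to a
    different version raises ValueError instead of being rewritten silently,
    so a deliberate pin is never changed by accident.
    """
    existing = _api_versions(url)
    if any(value != version for value in existing):
        raise ValueError(f"{url} is locked to {existing}, expected {version}")
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k != "apiVersion"]
    kept.append(("apiVersion", version))
    return urlunsplit(parts._replace(query=urlencode(kept)))


def audit_requests(urls, version=PINNED_VERSION):
    """Sort request URLs into 'pinned', 'unpinned' and 'other-version'."""
    report = {"pinned": [], "unpinned": [], "other-version": []}
    for url in urls:
        values = _api_versions(url)
        if not values:
            # No lock: the service answers with whatever version is latest.
            report["unpinned"].append(url)
        elif all(value == version for value in values):
            report["pinned"].append(url)
        else:
            report["other-version"].append(url)
    return report


if __name__ == "__main__":
    for bucket, found in audit_requests(SAMPLE_URLS).items():
        print(bucket, len(found))
```

Running the audit over the request URLs found in scripts or proxy logs shows which calls would change behaviour on the next API update.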
What's New July 2020
Extensibility Subscriptions
First Class Disk IaaS APIs – additional actions
ITSM Plugin
Shared Infrastructure Multi-Tenancy for Cloud Provider Hub Organizations
Set up and manage Virtual Private Zones and share IaaS resources across projects while maintaining tenant isolation. For managed service providers, shared infrastructure multi-tenancy ensures optimal resource allocation and control. Currently this is only supported for provider organizations in Multi-Tenancy configuration through VMware Cloud Provider Hub.
This is a key step towards “Shared Infrastructure Multi-Tenancy” in a multi-tenant environment. In a multi-tenant environment the provider will be able to allocate Virtual Private Zones for provisioning from the Tenant side.
NSX Enhancements
Custom Role Based Access Control (RBAC)
Custom role based access enables customers to closely align the roles they assign consumers and providers to the actual roles they hold within their organizations. It helps configure roles that are restrictive enough, based on the actual tasks (permissions) users are eligible for and their eligible resources, without overloading permissions with unnecessary tasks or conflicting with organization security.
Base concept:
Available configurable permissions:
vSphere Supervisor Namespace Support
vRealize Orchestrator Integration
What's New June 2020
Approval For Onboarded Deployments And Cloud Assembly
FCD - IaaS API – CRUDL
IaaS API Filter Resources Within Particular Region In Cloud Accounts
Integration With vROPS Cloud
New vRA Cloud Service Regions
What's New May 2020
Approval Policy
API for Updating Cloud Account Password
Custom Day 2 Actions
Custom Resources
Deployment History
Day 2 Networking
Share Extensibility Actions Across Projects
What's New March 2020
Active Directory
Compute Limits
NSX-V: On-demand security Group
Pipeline as Catalog Item
Powershell Support Beta
Policy Enhancement
RBAC Enhancement
Storage Limit For vSphere
Security Group
Tagging API
What's New February 2020
OVA As A Catalog Item
Ansible Tower Integration
Persistent Disk API
Service Broker Admin To Manage K8s Zones
Approvals For Deployment Requests
Bulk Deployments
Networking Day 2 Actions
Networking Extensibility Events
Custom Forms
What's New January 2020
Cloud Assembly IaaS API
{
  name : Compute name
  id : The id of this resource instance
  tags : A set of tag keys and optional values that were set on this resource instance
  type : Type of the compute instance
  externalRegionId : The external region id of the compute
  externalZoneId : The external zone id of the compute
  externalId : External entity id on the provider side
  orgId : The id of the organization that this entity belongs to
  createdAt : Date when the entity was created
  updatedAt : Date when the entity was last updated
}
For more details, refer to vRealize Automation Cloud IaaS API Swagger documentation: https://www.mgmt.cloud.vmware.com/iaas/api/swagger/ui/.
What's New October 2019
What's New September 2019
What's New August 2019
What's New July 2019
What's New June 2019
What's New May 2019