For secure communication, vRealize Automation relies on certificates to create trusted relationships among components.

The specific implementation of the certificates required to achieve this trust depends on your environment.

To provide high availability and failover support, you might deploy load-balanced clusters of components. In this case, you obtain a multi-use certificate that includes the IaaS Web component in the cluster, and then copy that multi-use certificate to each component in the cluster. You can use Subject Alternative Name (SAN) certificates, wildcard certificates, or any other method of multi-use certification appropriate for your environment as long as you satisfy the trust requirements. Depending on your load balancer configuration, you may need to certify the load balancer as part of the multi-use certificate for the cluster.

For example, if you have a load balancer configuration that requires a certificate on the load balancer as well as its components, you might obtain a SAN certificate to certify web-load-balancer.eng.mycompany.com, web-component-1.eng.mycompany.com, and web-component-2.eng.mycompany.com. You would copy that single multi-use certificate to the load balancer and each of the appliances and then register the certificate on the Web component machines.

The Certificate Importation and Registration table summarizes the registration requirements for various imported certificates.

Table 1. Certificate Importation and Registration

Import

Register

vRealize Automation appliance cluster

Web components cluster

Web components cluster

  • vRealize Automation appliance cluster

  • Manager Service components cluster

  • DEM Orchestrators and DEM Worker components

Manager Service components cluster

  • DEM Orchestrators and DEM Worker components

  • Agents and Proxy Agents