For secure communication, vRealize Automation relies on certificates to create trusted relationships among components.

The specific implementation of the certificates required to achieve this trust depends on your environment.

To provide high availability and failover support, you might deploy load-balanced clusters of components. In this case, you obtain a multi-use certificate that includes the IaaS Web component in the cluster, and then copy that multi-use certificate to each component in the cluster. You can use Subject Alternative Name (SAN) certificates, wildcard certificates, or any other method of multi-use certification appropriate for your environment, as long as you satisfy the trust requirements. If you use load balancers in your deployment, you must include the load balancer FQDN in the trusted address of the cluster multi-use certificate.

For example, if you have a load balancer configuration that requires a certificate on the load balancer as well as its components, you might obtain a SAN certificate to certify web-load-balancer.eng.mycompany.com, web-component-1.eng.mycompany.com, and web-component-2.eng.mycompany.com. You would copy that single multi-use certificate to the load balancer and each of the appliances and then register the certificate on the Web component machines.
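The following check is an added example, not part of the product documentation. It parses the text printed by `openssl x509 -noout -ext subjectAltName` and reports which cluster FQDNs, including the load balancer, the certificate fails to cover. The function names and the sample SAN output are constructed for illustration; the host names are the ones used in the example above.

```python
# Added example: verify that a multi-use certificate covers every FQDN in a
# load-balanced cluster, including the load balancer itself.

def parse_san_dns(openssl_text):
    """Extract DNS names from `openssl x509 -noout -ext subjectAltName` output."""
    names = []
    for line in openssl_text.splitlines():
        for item in line.split(","):
            item = item.strip()
            if item.startswith("DNS:"):
                names.append(item[4:].strip().lower().rstrip("."))
    return names


def san_matches(pattern, host):
    """Match one SAN entry against a host name.

    A wildcard counts only as the whole leftmost label and covers exactly one
    label, so *.eng.mycompany.com does not cover a.b.eng.mycompany.com.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered_names(san_names, required_fqdns):
    """Return the required FQDNs that no SAN entry covers."""
    return [h for h in required_fqdns
            if not any(san_matches(p, h) for p in san_names)]


# Constructed sample: SAN output of a certificate that omits the load balancer.
SAMPLE_SAN_TEXT = """X509v3 Subject Alternative Name:
    DNS:web-component-1.eng.mycompany.com, DNS:web-component-2.eng.mycompany.com
"""
REQUIRED = [
    "web-load-balancer.eng.mycompany.com",
    "web-component-1.eng.mycompany.com",
    "web-component-2.eng.mycompany.com",
]

if __name__ == "__main__":
    missing = uncovered_names(parse_san_dns(SAMPLE_SAN_TEXT), REQUIRED)
    print("missing from SAN:", missing or "none")
```

Run the check against the certificate before copying it to the load balancer and cluster members; any name it reports will fail host name verification for clients that connect through that address.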

The Certificate Trust Requirements table summarizes the trust registration requirements for various imported certificates.

Table 1. Certificate Trust Requirements

| Import | Register |
|---|---|
| vRealize Automation appliance cluster | Web components cluster |
| Web component cluster | vRealize Automation appliance cluster; Manager Service components cluster; DEM Orchestrators and DEM Worker components |
| Manager Service component cluster | DEM Orchestrators and DEM Worker components; Agents and Proxy Agents |