For secure communication, vRealize Automation relies on certificates to create trusted relationships among components.

The specific implementation of the certificates required to achieve this trust depends on your environment.

To provide high availability and failover support, you might deploy load-balanced clusters of components. In this case, you obtain a multiple-use certificate that includes the IaaS component in the cluster, and then copy that multiple-use certificate to each component. You can use Subject Alternative Name (SAN) certificates, wildcard certificates, or any other method of multiple-use certification appropriate for your environment as long as you satisfy the trust requirements. If you use load balancers in your deployment, you must include the load balancer FQDN in the trusted address of the cluster multiple-use certificate.

For example, if you have a load balancer on the Web components cluster, one that requires a certificate on the load balancer as well as the Web components behind it, you might obtain a SAN certificate to certify web-load-balancer.mycompany.com, web1.mycompany.com, and web2.mycompany.com. You would copy that single multiple-use certificate to the load balancer and vRealize Automation appliances, and then register the certificate on the two Web component machines.
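A pre-deployment check for the SAN certificate in the example above, added here and not part of the original documentation: it reads the text printed by `openssl x509 -in cert.pem -noout -ext subjectAltName` and reports any required FQDN the certificate does not cover. The sample output, the file name cert.pem, and the function names are constructed for illustration; the wildcard rule (whole left-most label only, one label deep) is a conservative assumption.

```python
import re

# Constructed sample of `openssl x509 -noout -ext subjectAltName` output.
SAMPLE_SAN_OUTPUT = """X509v3 Subject Alternative Name:
    DNS:web-load-balancer.mycompany.com, DNS:web1.mycompany.com, DNS:web2.mycompany.com
"""

# Names from the example above: the load balancer plus both Web nodes.
REQUIRED_FQDNS = [
    "web-load-balancer.mycompany.com",
    "web1.mycompany.com",
    "web2.mycompany.com",
]


def parse_dns_sans(openssl_text):
    """Return the lower-cased DNS entries found in openssl's SAN output."""
    return [name.lower() for name in re.findall(r"DNS:([^,\s]+)", openssl_text)]


def san_matches(pattern, host):
    """Match one SAN entry against a host name.

    A wildcard is honoured only as the entire left-most label, covers exactly
    one label, and must sit above at least two further labels (so "*.com" is
    rejected).
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def missing_names(openssl_text, required_fqdns):
    """Return the required FQDNs that no SAN entry in the certificate covers."""
    sans = parse_dns_sans(openssl_text)
    return [h for h in required_fqdns if not any(san_matches(s, h) for s in sans)]


if __name__ == "__main__":
    gaps = missing_names(SAMPLE_SAN_OUTPUT, REQUIRED_FQDNS)
    print("certificate covers all names" if not gaps else f"missing: {gaps}")
```

An empty result means the certificate can be copied to the load balancer and every node behind it; a load balancer FQDN in the result is the omission the paragraph above warns about.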

The Certificate Trust Requirements table summarizes the trust registration requirements for various imported certificates.

Table 1. Certificate Trust Requirements

| Import | Register |
|---|---|
| vRealize Automation appliance cluster | Web components cluster |
| Web component cluster | vRealize Automation appliance cluster; Manager Service components cluster; DEM Orchestrators and DEM Worker components |
| Manager Service component cluster | DEM Orchestrators and DEM Worker components; Agents and Proxy Agents |