The vRealize Automation appliance is a partially configured virtual machine that hosts the vRealize Automation server and user web portal. You download and deploy the appliance open virtualization format (OVF) template to vCenter Server or ESX/ESXi inventory.


  • Create an unconfigured appliance. See Deploy the vRealize Automation Appliance.

  • Obtain an authentication certificate for the vRealize Automation appliance.

    If your network or load balancer requires it, later procedures copy the certificate to the load balancer and additional appliances.


  1. Log in to the unconfigured vRealize Automation appliance management interface as root.


    Continue past any certificate warnings.

  2. If the installation wizard appears, cancel it so that you can go to the management interface instead of the wizard.
  3. Select Admin > Time Settings, and set the time synchronization source.



    Host Time

    Synchronize to the vRealize Automation appliance ESXi host.

    Time Server

    Synchronize to one external Network Time Protocol (NTP) server. Enter the FQDN or IP address of the NTP server.

    You must synchronize all vRealize Automation appliances and IaaS Windows servers to the same time source. Do not mix time sources within a vRealize Automation deployment.

  4. Select vRA Settings > Host Settings.



    Resolve Automatically

    Select Resolve Automatically to specify the name of the current host for the vRealize Automation appliance.

    Update Host

    For new hosts, select Update Host. Enter the fully qualified domain name of the vRealize Automation appliance,, in the Host Name text box.

    For distributed deployments that use load balancers, select Update Host. Enter the fully qualified domain name for the load balancer server,, in the Host Name text box.


    Configure SSO settings as described later in this procedure whenever you use Update Host to set the host name.

  5. Select the certificate type from the Certificate Action menu.

    If you are using a PEM-encoded certificate, for example for a distributed environment, select Import.

    Certificates that you import must be trusted and must also be applicable to all instances of vRealize Automation appliance and any load balancer through the use of Subject Alternative Name (SAN) certificates.

    If you want to generate a CSR request for a new certificate that you can submit to a certificate authority, select Generate Signing Request. A CSR helps your CA create a certificate with the correct values for you to import.


    If you use certificate chains, specify the certificates in the following order:

    1. Client/server certificate signed by the intermediate CA certificate

    2. One or more intermediate certificates

    3. A root CA certificate



    Keep Existing

    Leave the current SSL configuration. Select this option to cancel your changes.

    Generate Certificate

    1. The value displayed in the Common Name text box is the Host Name as it appears on the upper part of the page. If any additional instances of the vRealize Automation appliance available, their FQDNs are included in the SAN attribute of the certificate.

    2. Enter your organization name, such as your company name, in the Organization text box.

    3. Enter your organizational unit, such as your department name or location, in the Organizational Unit text box.

    4. Enter a two-letter ISO 3166 country code, such as US, in the Country text box.

    Generate Signing Request

    1. Select Generate Signing Request.

    2. Review the entries in the Organization, Organization Unit, Country Code, and Common Name text boxes. These entries are populated from the existing certificate. You can edit these entries if needed.

    3. Click Generate CSR to generate a certificate signing request, and then click the Download the generated CSR here link to open a dialog that enables you to save the CSR to a location where you can send it to a certificate authority.

    4. When you receive the prepared certificate, click Import and follow instructions for importing a certificate into vRealize Automation.


    1. Copy the certificate values from BEGIN PRIVATE KEY to END PRIVATE KEY, including the header and footer, and paste them in the RSA Private Key text box.

    2. Copy the certificate values from BEGIN CERTIFICATE to END CERTIFICATE, including the header and footer, and paste them in the Certificate Chain text box. For multiple certificate values, include a BEGIN CERTIFICATE header and END CERTIFICATE footer for each certificate.


      In the case of chained certificates, additional attributes may be available.

    3. (Optional) If your certificate uses a pass phrase to encrypt the certificate key, copy the pass phrase and paste it in the Passphrase text box.

  6. Click Save Settings to save host information and SSL configuration.
  7. If required by your network or load balancer, copy the imported or newly created certificate to the virtual appliance load balancer.

    You might need to enable root SSH access in order to export the certificate.

    1. If not already logged in, log in to the vRealize Automation appliance Management Console as root.
    2. Click the Admin tab.
    3. Click the Admin sub menu.
    4. Select the SSH service enabled check box.

      Deselect the check box to disable SSH when finished.

    5. Select the Administrator SSH login check box.

      Deselect the check box to disable SSH when finished.

    6. Click Save Settings.
  8. Configure the SSO settings.
  9. Click Services.

    All services must be running before you can install a license or log in to the console. They usually start in about 10 minutes.


    You can also log in to the appliance and run tail -f /var/log/vcac/catalina.out to monitor service startup.

  10. Enter your license information.
    1. Click vRA Settings > Licensing.
    2. Click Licensing.
    3. Enter a valid vRealize Automation license key that you downloaded when you downloaded the installation files, and click Submit Key.

    If you experience a connection error, you might have a problem with the load balancer. Check network connectivity to the load balancer.

  11. Select whether to enable vRealize Code Stream and enter a vRealize Code Stream license.

    vRealize Code Stream is not supported for high-availability or production vRealize Automation deployments.

  12. Click Messaging. The configuration settings and status of messaging for your appliance is displayed. Do not change these settings.
  13. Click the Telemetry tab to choose whether to join the VMware Customer Experience Improvement Program (CEIP).

    Details regarding the data collected through CEIP and the purposes for which it is used by VMware are set forth at the Trust & Assurance Center at

    • Select Join the VMware Customer Experience Improvement Program to participate in the program.

    • Deselect Join the VMware Customer Experience Improvement Program to not participate in the program.

  14. Click Save Settings.
  15. Confirm that you can log in to vRealize Automation.
    1. Open a Web browser to the vRealize Automation product interface URL.


    2. If prompted, continue past the certificate warnings.
    3. Log in with administrator@vsphere.local and the password you specified when you configured SSO.

      The interface opens to the Tenants page on the Administration tab. A single tenant named vsphere.local appears in the list.