Self-Service Hybrid Cloud – Part 1 – Provide Self-Service Catalog for VMware Cloud on AWS using vRealize Automation

Original blog posted on May 27th

Are you using VMware Cloud on AWS? Discover how vRealize Automation Cloud and its Self-Service Catalog help you streamline consumption with a common, policy-driven catalog, and learn how to deploy a virtual machine using the tool.

So you built a hybrid cloud model using VMware Cloud on AWS and are undoubtedly benefiting from all the goodness a true hybrid cloud can bring to your organization. VMware Cloud on AWS has helped many of our customers quickly and easily achieve a path to hybrid cloud, and because it is based on vSphere inside an AWS datacenter, they attain a truly consistent hybrid infrastructure. This consistent infrastructure makes application mobility, disaster recovery and seasonal bursting easier than ever.

But what if you also had a rich set of services accessible via a Self-Service portal that could take that investment in VMware Cloud on AWS up a notch? Enter vRealize Automation into the mix and you can achieve just that – a self-service portal for your hybrid cloud.

Some other benefits of using vRealize Automation as the automation platform for VMware Cloud on AWS are:

  • Self-Service Catalog
  • Consumption of SDDC
  • Infrastructure and Code
  • Custom Actions and Resources
  • API Calls
  • Deploying AWS Native Services including Cloud Formation Templates
  • Policies and Governance…costing too!
  • Pipelines as a Service
  • and much much more..!!

In this blog I will focus on the Self-Service Catalog capabilities that vRealize Automation Cloud contains. The vRealize Automation Cloud catalog portal is called Service Broker, so for the remainder of this blog I will refer to the catalog as Service Broker. If you are unfamiliar with Service Broker, check out this blog to gain a little more understanding.

 

Providing Self Service for VMware Cloud on AWS

 

Since vRealize Automation Cloud has out-of-the-box integration with VMware Cloud on AWS, it is easy to get started publishing content to Service Broker. Once your items are published to Service Broker, users can log in and see the items that they are entitled to request. Administrators can then apply governance and policies to those deployments and requests. The image below is an example of what the Service Broker Catalog looks like. Notice that there are VMware Cloud on AWS machine blueprints, AWS native services, and AWS CFT sourced items. There are various content sources for Service Broker, such as Code Stream Pipelines, AWS CFT, Cloud Assembly Blueprints, vRO Workflows (XaaS) and ABX Actions (FaaS).

 

 

Service Broker request forms can be highly customized using our “Custom Forms” designer. The Custom Form designer is an easy-to-use canvas that allows you to drag and drop elements such as dropdowns or checkboxes. These choices can then bind to other elements and create a richer experience for the user. Learn more about Custom Forms here.

Let’s take a look at how the Blueprint was created and published to Service Broker in more detail.

 

Self-Service Machine Deployment Overview

 

One of the easiest and quickest things to set up in vRealize Automation Cloud is a catalog item that deploys virtual machines, and since VMware Cloud on AWS is an out-of-the-box cloud account, this is quite simple to set up. With Service Broker, users can deploy a machine that is automatically placed in the appropriate security group with the appropriate storage policies applied, all with a single click.

Since VMware Cloud on AWS uses vSphere, NSX and VSAN as the underlying SDDC (Software-Defined Data Center) infrastructure, vRealize Automation Cloud can consume these constructs similarly to how it consumes an on-prem SDDC.

To set up the VMware Cloud on AWS cloud account in vRealize Automation Cloud, go to Cloud Assembly –> Infrastructure –> Cloud Accounts and click the Add Cloud Account button. Then choose the VMware Cloud on AWS tile and enter a name and your token. Once you validate your token, you will see a dropdown list with the available SDDCs that you can use. Once you pick your SDDC, fill in the other information, such as the vCenter Username and Password. Once you click Create, you have added the cloud account.

Now you should see a Cloud Zone for the SDDC. Navigate to Infrastructure –> Cloud Zones and look for the SDDC Cloud Zone; it may look something like this:

 

Within the Cloud Zone you can see your compute clusters and resource pools. They can be tagged for placement or just observed as potential compute endpoints. Next you need to add this Cloud Zone to a Project. Once you do that, set up any image mappings and flavor mappings as well. Check out this blog if you need more information on mappings.

Next you may want to create Network and Storage profiles, which provide a way to consume some of the SDDC policies and components, like NSX networks and VSAN storage policies within VMware Cloud on AWS. For instance, when you create a Storage Profile and choose the VMware Cloud on AWS Cloud Zone, we expose the VSAN Storage Policy Based Management (SPBM) policies that already exist in your SDDC and list them as options to choose from. These profiles can be tagged for easy consumption. If you want to create multiple policies you can do that as well. The screenshot below shows that I chose two policies from the SPBM selection.

 

Here we can see the full list of SPBM policies in the VMware Cloud on AWS SDDC vCenter. This is just so you can observe that vRealize Automation Cloud is showing what exists.

Network Profiles can also be very handy for making sure VMs get placed into the appropriate NSX Security Groups and Networks. You can create multiple Network Profiles and tag them for easy consumption as you are building out your blueprints and defining your infrastructure.

Within vRealize Automation Cloud you will see the VMware Cloud on AWS Network and Security Groups that are available for consumption. The screenshot below shows them in the vRealize Automation Cloud Network Profile section.

The screenshot below shows some of the Security Groups that are listed in the VMware Cloud on AWS portal.

 

For more information and prerequisites for integrating VMware Cloud on AWS with vRealize Automation see the main documentation link here.

Now that we have set up the Infrastructure section, we can start building our Blueprint and ultimately publish it to the Service Broker Catalog.

Navigate to Design –> Blueprints. Then click “New Blueprint”. I am going to use the Cloud Agnostic Machine resource type. Cloud Agnostic machines are useful in that you can use tags to place the machine in public or private clouds. If you want to use a vSphere Cloud Machine then that could be an option as well.

Pro Tip: If you want to use a vSphere Cloud Machine property like customizationSpec on a Cloud Agnostic machine then just copy/paste or type the customizationSpec property in the properties section of the Cloud Agnostic machine. If vRealize Automation Cloud places the machine on a vSphere endpoint it will look for that customizationSpec as an example.

Go ahead and build out a simple blueprint. You can make it look something like my example below.

 

Notice that I am tagging both the virtual machine and the network with env:vmc. That is the tag I used on the VMware Cloud on AWS cloud zone and the other infrastructure components related to it, like the image mappings and network profiles. Once you have this done, go ahead and hit the “Test” button at the bottom of the page. This will ensure that the system can determine placement (where it's going to get deployed) and that the basic YAML syntax is correct.
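A minimal blueprint matching the description above, as an added example rather than the author's own blueprint (which was shown as a screenshot). The resource names, the `ubuntu` image mapping, the `small` flavor mapping and the customization spec name are assumptions; replace them with the mappings defined in your own project.

```yaml
formatVersion: 1
inputs: {}
resources:
  Cloud_Machine_1:
    type: Cloud.Machine            # Cloud Agnostic Machine resource type
    properties:
      image: ubuntu                # assumed image mapping name
      flavor: small                # assumed flavor mapping name
      # Optional vSphere property from the Pro Tip above; it is only
      # looked for when placement lands on a vSphere endpoint.
      # 'linux-spec' is a hypothetical customization spec name.
      customizationSpec: linux-spec
      constraints:
        # Placement constraint: only cloud zones and mappings tagged
        # env:vmc (the VMware Cloud on AWS SDDC) are eligible.
        - tag: 'env:vmc'
      networks:
        - network: '${resource.Cloud_Network_1.id}'
  Cloud_Network_1:
    type: Cloud.Network
    properties:
      networkType: existing
      constraints:
        # Selects the network profile tagged env:vmc, which is what
        # carries the NSX network and security group configuration.
        - tag: 'env:vmc'
```

Because the network constraint is what selects the network profile, a blueprint that omits the tag on the network resource may match a different profile than the one holding the intended Security Group, so it is worth checking both constraints before releasing a version.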

If you want to Deploy the machine from the canvas just to test it deploys all the way without issue, then click the Deploy button at the bottom of the screen.

Once you are satisfied the machine will be deployed via your blueprint, click the Version button at the bottom of the canvas. Then check the “Release” box. This checkbox sends this version of the blueprint to the catalog, where it can ultimately be presented as an item in Service Broker.

 

When the blueprint is released to the catalog it shows up as an item that can be requested by the user.

 

For more information on how to configure Service Broker to present the item check out this blog.

Once the item shows up in the catalog, click the Request link on the tile and you will be taken to the request page, where you fill out any needed inputs or fields. Once you click Submit, you will be taken to the Deployment section, where you can monitor the deployment status and see the creation tasks. Once the deployment is Completed, you can review the information about the machine, see the historical events that occurred and instantiate Day 2 actions when you are ready. The screenshot below is an example of the deployment details screen.

 

 

Since I had the vRealize Automation Cloud Network Profile configured with the appropriate VMware Cloud on AWS Security Group, the Virtual Machine was automatically placed in the Security Group during deployment. The screenshot below shows the VM was placed in the Security Group.

 

 

Now you can log in to your SDDC vCenter and see the machine is deployed! With this integration you can accelerate your consumption and usage of VMware Cloud on AWS. Stay tuned for the next blog in this series!

 

Other blogs that may be of interest:

Deploy Cloud Agnostic Applications with VMware vRealize Automation Cloud
Infrastructure as Code and vRealize Automation
Service Broker Policy Criteria
