Enhance Your Own Private Cloud Governance with vRealize Automation

VMware vRealize Automation is a powerful tool to help organizations enhance their private cloud governance with effective automation. Let's see how.

Save to My DOJO

Enhance Your Own Private Cloud Governance with vRealize Automation

Organizations worldwide are having to rethink the way they deliver the technology needs of the business. COVID-19 has changed the way companies operate and end-users access resources and carry out business productivity. To meet the demand for increased digital resources, IT teams have had to improve the efficiency of their operations. However, security and governance are still top priorities that businesses cannot neglect.

Most organizations see a hybrid strategy for the foreseeable future, with a mix of public and private cloud. Automated processes help IT meet increased demands for today’s digital resources. It also helps to do this within the defined boundaries of your business and any regulatory requirements.

vRealize Automation – Purpose, Components, Resources, and Licensing

Many organizations today power their private cloud infrastructure with VMware vSphere. It is a powerful, robust platform that provides many capabilities and features to the enterprise. However, many organizations are also using public cloud environments. VMware vRealize Automation (vRA) is a component of the vRealize Cloud Suite that provides a modern infrastructure automation platform that increases productivity and agility, not only in VMware vSphere but also across public cloud infrastructure.

It does this by taking very manual administrative tasks and enables IT teams to automate these processes. Public cloud processes and automation has shifted the way businesses want to provision infrastructure with automated processes. With vRealize Automation, companies can introduce similar automated workflows to provision environments and resources in a public cloud-like experience.

VMware vRealize Automation provides the following key benefits:

    • Easy to set up and simple to use – VMware provides an Easy Installer that provides an easy way to stand up necessary components of the vRealize Cloud Suite, including vRealize Suite Lifecycle Manager, Workspace ONE, and vRealize Automation
    • Secure and compliant – As businesses provide consistent orchestration using self-service processes with controlled, automated workflows, they can maintain governance across a multi-cloud environment
    • Agility – Businesses can deliver fast and agile service deliver with Infrastructure as Code (IaC) and vRealize Automation
    • Faster time to market – Organizations can deliver software releases much quicker
    • High availability and reliability – It enables consistent automation throughout the entire lifecycle of an application
    • Any app on any cloud – Provision and run apps, virtual machines, containers, and other resources across multi-cloud environments

Components of vRealize Automation

There are three main components to vRealize Automation. These include the following:

    • Cloud Assembly – It is a multi-cloud provisioning service that offers the ability to create a private cloud. Cloud Assembly is essentially an API layer that the Blueprint Engine uses and supports vRealize Orchestrator workflows and event-broker subscriptions
    • Code Stream – Provides a CI/CD pipeline for DevOps. It automates application and infrastructure delivery with pipeline management. It also provides out-of-the-box integrations for existing tools and processes.
    • Service Broker – It aggregates content from different platforms, including Cloud Assembly, vRealize Orchestrator, and provides the product catalog for self-service delivery. It also provides the policies to help organizations enforce governance.
    • vRealize Orchestrator – Historically a separate product, VMware vRealize Orchestrator is a modern workflow automation platform that simplifies and automates complex data center tasks and is now included when you install vRA.

Overview of vRealize Automation components

Overview of vRealize Automation components

Resources

When doing a vRealize automation installation, the Easy Installer will provision the vRA resources in your VMware vSphere environment. The deployed resources include the following:

    • vRealize Lifecycle Manager
    • vRealize Automation
    • VMware Identity Manager

The Easy Installer is an ISO file downloaded from the VMware portal. It provides a wizardized deployment of your vRealize automation installation.

Using the vRealize Automation Easy Installer to install vRA, vRLCM, and VMware Identity Manager

Using the vRealize Automation Easy Installer to install vRA, vRLCM, and VMware Identity Manager

What are the system requirements for the three VMs provisioned as part of the Easy Installer for vRealize automation installation?

Requirements vRealize Suite Lifecycle Manager VMware Identity Manager vRealize Automation
      Medium Profile Extra Large Profile
Total Disk Size 78 GB 100 GB 246 GB (Only for single node Installation) 246 GB (Only for single node Installation)
Virtual CPU

2

8

12

24

Memory/RAM Size 6 GB 16 GB 42 GB 96 GB
Maximum Network Latency     5 ms between each cluster node 5 ms between each cluster node
Maximum Storage Latency     20 ms for each disk IO operation from any vRA node 20 ms for each disk IO operation from any vRA node

Licensing

VMware vRealize Automation licensing is part of the vRealize Suite of products from VMware. VMware vRealize Suite is licensed using Portable License Unit (PLU) that offers flexibility to manage workloads on-premises and in the cloud. There is no license switching or conversion required between on-premises and cloud infrastructure. One PLU allows usage of vRealize Suite to manage unlimited operating system instances (OSI) deployed on-premises on one vSphere CPU or up to 15 OSIs deployed in the public cloud.

There are no limits on the number of VMs you can manage using vRealize Suite on a vSphere CPU. However, it requires the vSphere CPU to be licensed for vRealize Suite or vCloud Suite. VMware vRealize Automation licensing is found in the Advanced Edition of the VMware vRealize Suite. The Advanced Edition supports IT automation to IaaS use cases. Note the solutions found in the various versions of VMware vRealize Suite.

vRealize Automation licensing and components of VMware vRealize Suite editions

vRealize Automation licensing and components of VMware vRealize Suite editions

You can learn more information on how to purchase vRealize Automation from the VMware “How to Buy” resource page found here:

Integration with cloud services

VMware vRealize Automation provides integration with a wide variety of cloud services and includes integration with most cloud service providers organizations are using today. In VMware vRealize Automation, integrating with various cloud services is as simple as adding a new cloud account. Once a cloud account is added in vRealize Automation, vRA can extend automation features to the various environments.

What cloud accounts are available within vRealize Automation for integration? These include:

    • Amazon Web Services
    • Google Cloud Platform
    • Microsoft Azure
    • NSX-T Manager
    • NSX-V Manager
    • vCenter Server
    • VMware Cloud Director
    • VMware Cloud Foundation
    • VMware Cloud on AWS

Adding a new cloud account in vRA

Adding a new cloud account in vRA

You may have seen reference to vRealize Automation Cloud. What is this? VMware vRealize Automation Cloud is formerly known as VMware Cloud Automation Services. With vRealize Automation Cloud, customers get a fully managed vRealize Automation solution hosted in the VMware Cloud as a SaaS solution. It means the vRealize Automation infrastructure is fully managed, and you can simply consume the automation services provided by the product without worrying about the underlying infrastructure.

vRO vs. vRA – What’s the difference?

As mentioned above, when you install a current installation of vRealize Automation, it includes vRealize Orchestrator (vRO) as part of the solution. Both vRA and vRO provide automation benefits to your environments. VMware vRealize Automation provides a self-service experience and the capability to build out blueprints for infrastructure resources. In addition, it provides the tools for IT admins to define their infrastructure and provide the self-service and governance needed for end-users and consumers.

VMware vRealize Orchestrator provides a workflow engine that complements the features of vRA to provide more powerful automation capabilities. The entire focus of vRO is workflows via APIs from solutions like vRealize Operations Manager. In addition, it can perform standalone automation tasks externally to vRA.

Most common use cases

Many use cases are satisfied by using vRealize Automation. However, consider the following use cases that vRealize can accomplish:

    • Create a self-service portal where users are delegated the workflows needed to provision infrastructure
    • Offer other services beyond infrastructure, for example—PaaS, XaaS
    • The requirement to integrate with CMDB or ITSM tools to track activities when creating resources such as new virtual machines
    • Integration with an IPAM system for obtaining network addressing for a virtual machine
    • Advanced governance capabilities
    • Deployment of resources across hybrid cloud environment

How does it compare to other solutions like Terraform or Ansible?

Most IT admins will want to know and understand how vRealize Automation compares to other automation tools they have heard about or used. Two of these tools that come to mind are Terraform and Ansible. What are these?

    • Terraform

Terraform is a popular Infrastructure as Code (IaC) solution. It allows writing declarative Infrastructure as Code in the Hashicorp Configuration Language (HCL) that can run in DevOps pipelines. Like vRealize Automation, Terraform enables organizations to interact with and build infrastructure across clouds using automation.

Terraform is freely available for download at no cost and is a simple command-line tool. VMware vRealize is a GUI tool that provides many of the same features of Terraform and arguably much better integration with vSphere environments. However, it is a paid product. Out of the box, vRealize Automation provides more robust tooling for configuring a self-service environment with the governance requirements.

    • Ansible

Ansible is another prevalent automation framework. However, Ansible differs in purpose compared to Terraform and vanilla vRealize Automation. Ansible is a configuration management framework that is focused on how to remediate configuration drift than provisioning infrastructure. It can provision infrastructure, but this is not its strong suit. Conversely, Terraform can perform some post-process tasks for configuration management, but this is not its strength either.

VMware recently introduced vRealize Automation Salt Stack Config, a modern configuration management solution that is a separate download integrated into vRealize Automation. It provides the tools for organizations to extend the infrastructure automation capabilities of vRealize Automation with the configuration management features of Salt Config.

Who is likely to leverage which?

As mentioned, Terraform, Ansible, and many other automation platforms are popular in the enterprise today. Terraform, Ansible, and vRealize Automation can all successfully automate your environment. However, each has its strengths and weaknesses. So, what makes the difference between choosing Terraform, Ansible, or vRealize Automation?

Both Terraform and Ansible are free downloads that are readily available to begin automating from the command line. However, to have a GUI interface and other governance features in a supported way with Terraform and Ansible, you must upgrade to the paid versions of the tools with Terraform Enterprise and Ansible Tower. VMware vRealize is a paid product only. There is no free version you can download, aside from a time-limited trial version.

Organizations already heavily invested in VMware technologies will benefit from the seamless integration between vRealize Automation and VMware technologies. However, as mentioned, it also has strong capabilities in cloud environments. Therefore, many who are VMware shops will likely see benefits to investing in vRealize Automation.

Terraform and Ansible will likely draw many from VMware environments due to their open-source nature, easy learning curves, and robust capabilities. In addition, both have modules for VMware vSphere. However, these are lacking in seamless integration and strong governance capabilities provided by vRealize Automation. To get similar role-based access control and governance workflows comparable to vRealize Automation, organizations will need to invest in the paid versions of Terraform and Ansible.

Again, it is common to see organizations using a combination of tools. It is unlikely that one single tool will fit absolutely every use case of everyone in a single industry or business sector. SMBs, large IT departments, and cloud providers will have their favorite tools for automation and configuration management. VMware vRealize Automation again will appeal to SMBs, IT departments, and cloud providers who are invested in VMware technologies and familiar with the VMware ecosystem. The additional cloud capabilities of vRA are icing on the cake.

Organizations may find themselves using a combination of vRA and other tools. The great thing about vRA is it supports PowerShell, Terraform, Salt, and other configuration languages. So, vRA can be the engine organizations are using that easily provides role-based access and governance capabilities and the ability to incorporate other scripting and configuration languages.

What is IT governance, and why is it important?

IT governance has been described as the formal framework that allows organizations to ensure IT processes and procedures align with the business’s overall objectives and other requirements. These help to ensure IT activities meet:

    • Business strategies and goals
    • Legal and regulatory obligations
    • Reliability and uniformity of processes
    • Comply with corporate governance requirements
    • Mitigate risks associated with security concerns

A large part of IT governance is making decisions in a repeatable, structured manner to support investment in and use of IT to achieve an organization’s goals. It requires a framework or structure that defines roles and responsibilities, processes, policies, and criteria that help business stakeholders make sound decisions.

How does vRealize Automation allow businesses to enhance cloud governance?

As mentioned, organizations must make repeatable, structured decisions and have the processes and tools to support these requirements. VMware vRealize Automation provides the means to produce an automated framework to overcome the challenges of IT governance in several ways.

    • Self-service provisioning with consistent governance and compliance – vRealize Automation provides fine-grained governance capabilities that allow admins to apply policies and approval workflows to provide the security and guardrails needed for consistent provisioning. In addition, it provides users with a content catalogue that includes blueprints, templates, and images from multiple clouds and platforms.
    • It enables multi-cloud automation with governance – Extending the on-premises capabilities of vRealize Automation, it can provide the same benefits to multi-cloud environments with public clouds, including Amazon Web Services, Microsoft Azure, and Google Cloud Platform.
    • Kubernetes automation – Using vRealize Automation, companies can implement self-service automation and governance for Kubernetes clusters and application deployment. With vRA, organizations can manage and govern Kubernetes clusters and namespaces and import their existing clusters while doing this within the governance boundaries defined by the business.
    • DevOps for infrastructure – Most businesses are adopting agile development methodologies. VMware vRA allows businesses to support on-premises developers with a range of sandbox development environments and CI/CD pipeline process while enforcing governance.
    • Multi-cloud governance – Many may think of vRealize Automation as a VMware vSphere-only product. However, VMware has evolved vRealize Automation into a robust multi-cloud tool that provides tigheter integrations with multi-cloud provisioning and governance across multiple public cloud environments. These include: Amazon AWS, Google Cloud, Microsoft Azure, and VMware Cloud.
    • Personalized policies – In most environments, each user or consumer requires a personalized service for specific business use cases. VMware vRealize Automation provides this ability using policies. Fine-grained policies work with personalized services offered in vRA. A developer may need to have a development environment, spun up in the public cloud such as Amazon AWS. Another consumer may need a similar service, but personalized so that it gets deployed into the private cloud with the appropriate approvals in place. All of this is possible using vRealize Automation.
    • Network automation – One of the most difficult types of infrastructure to automate is the network. However, with software-defined network technologies like VMware NSX, IT operations can deliver agile network operations via code. Using vRA, organizations can provide governance around network automation. Instead of governance issues being a blocker to operations, these are simply handled behind the scenes with vRA.
    • Security framework – One of the most common issues with security is inconsistent operations, configuration, and ensuring security measures are implemented consistently across the infrastructure landscape. With vRA, businesses can ensure appropriate security guardrails are baked into the deployment of infrastructure with code as vRA handles this automatically.

Create a quick workflow with governance using vRealize Automation

As soon as you have done the vRealize automation installation and it is up and running, it provides an easy way to create the first workflow you can assign to an end-user or other consumer.

Select the account type to add during the vRA Quickstart wizard

Select the account type to add during the vRA Quickstart wizard

Select the content to enable during the Quickstart. It includes VM template images.

Adding VM templates and specifying the settings for the first cloud template
Adding VM templates and specifying the settings for the first cloud template

Skipping to 5 Policies, you will see the ability to configure governance policies for self-service applications. Note how you can easily define an approval workflow, lease time for the resources, and enforce a naming convention for the newly created VM resources.

Defining governance settings during the vRA Quickstart
Defining governance settings during the vRA Quickstart

Accepting the settings configured on the Summary screen and running the Quickstart.

Running the vRA Quickstart

Running the vRA Quickstart

The power of vRA includes assigning Active Directory users the projects that are defined for deploying infrastructure. In addition, it allows creating a self-service workflow including the governance settings defined.

Adding an Active Directory user to a vRA project
Adding an Active Directory user to a vRA project

Note the various constraints that you can define for a specific vRA project assigned to a user. These include constraints related to:

    • Network
    • Storage
    • Extensibility

You can also define resource tags, custom properties, and custom naming.

Configuring constraints for a vRA project
Configuring constraints for a vRA project

The governance settings and configuration possibilities with vRA are robust and allow organizations to control and constrain how resources are provisioning in the environment. In addition, it helps to align the workflows with the governance requirements of the business.

Final Thoughts

VMware vRealize Automation is a powerful tool that can provide the tools needed to meet and exceed the governance requirements defined by the business. Governance is an essential topic in organizations today with the growing demands on companies to meet regulatory, security, and other needs.

As businesses continue to implement and use hybrid cloud solutions, spanning on-premises and cloud environments, they need to use well-versed solutions, both in on-premises technologies and cloud services. VMware vRealize Automation has matured into a robust solution equally capable in cloud environments as it is in VMware vSphere. Organizations can use vRealize Automation to empower teams to automate infrastructure deployment in a self-service way. In addition, it provides built-in functionality to enable role-based access and governance constraints to ensure infrastructure is deployed appropriately.

Is vRealize Automation worth the investment for organizations today? It comes down to the standard answer of “it depends” for most organizations. Some businesses may already have preferred tooling for infrastructure automation and may have another means to enforce governance constraints.

Even with that being the case, companies do well to investigate the features and functionality provided by vRealize Automation. It provides one of the best out-of-the-box workflows and role-based access experiences you will find on the market. VMware vRealize Automation also allows integrating the tools you already use, like Terraform, and extending these with the robust integrations made possible by vRA.

VMware vRealize Automation allows organizations to easily stand up the self-service portal and cloud-like service catalog to provide the same rich public cloud experience on-premises. With the rich cloud integrations found out-of-the-box, businesses can easily connect to the cloud services they most likely are using today, including AWS, Azure, GCP, and others.

Learn more about vRealize Automation and how it can extend your automation and governance needs at the official vRealize and vCloud Suite page here:

Altaro VM Backup
Share this post

Not a DOJO Member yet?

Join thousands of other IT pros and receive a weekly roundup email with the latest content & updates!

Frequently Asked Questions

It is an automation and workflow solution that can automate with Infrastructure as Code and provide access to a self-service portal for end-users and other consumers to run automated tasks with governance guardrails.
VMware vRealize Automation provides a turnkey solution for automating your infrastructure. Out-of-the-box, it allows IT admins to apply role-based access control and governance to automated workflows.
The vRealize Automation infrastructure spins up as three separate VMs (vRealize Lifecycle Manager, VMware Identity Manager, and vRealize Automation). It works by adding the cloud accounts for your environments, including vSphere, AWS, Azure, and GCP. Once the cloud accounts are added, vRA provides the hooks and automation tools to provision infrastructure and perform automated tasks in these cloud environments.
VMware vRealize is a suite of solutions that fall under the umbrella of the vRealize product line. It includes vRealize Operations, vRealize Orchestrator, vRealize Lifecycle Manager, vRealize Automation, and other tools.

Leave a comment

Your email address will not be published.

Microsoft 365 Security checklist - free eBook