Foundations And Concepts VRealize. Automation 7.2 V Realize Vrealize 72

User Manual: Pdf vRealize Automation - 7.2 - Foundations and Concepts User Guide for VMware vRealize Software, Free Instruction Manual

Open the PDF directly: View PDF PDF.
Page Count: 42

Foundations and Concepts
vRealize Automation 7.2
This document supports the version of each product listed and
supports all subsequent versions until the document is
replaced by a new edition. To check for more recent editions of
this document, see http://www.vmware.com/support/pubs.
EN-002292-02
Foundations and Concepts
2 VMware, Inc.
You can find the most up-to-date technical documentation on the VMware Web site at:
hp://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2008–2017 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
Contents
Foundations and Concepts 5
Updated Information 5
Using Scenarios 6
Using the Goal Navigator 6
Introducing vRealize Automation 6
Providing On-Demand Services to Users Overview 7
vRealize Business for Cloud Overview 12
Tenancy and User Roles 12
Tenancy Overview 12
User Roles Overview 16
Service Catalog 22
Requesting and Managing Items in the Catalog 23
Creating and Publishing Catalog Items 23
Services for the Service Catalog 23
Catalog Items 24
Actions 24
Entitlements 24
Approval Policies 25
Infrastructure as a Service 25
Conguring Infrastructure Fabric 26
Infrastructure Source Endpoints 27
Compute Resources 27
Data Collection 28
Fabric Groups 29
Business Groups 29
Machine Prexes 29
Resource Reservations 29
Conguring Reservation Policies 30
Machine Blueprints 30
Machine Leases and Reclamation 31
Scaling and Reconguring Deployments 32
XaaS Blueprints and Resource Actions 34
Creating XaaS Blueprints and Actions 34
Custom Resources 34
Resource Mappings 35
XaaS Blueprints 35
Resource Actions 35
Designing Forms for XaaS Blueprints and Actions 35
Common Components 36
Notications 36
Branding 38
VMware, Inc. 3
Life Cycle Extensibility 38
vRealize Automation Extensibility Options 38
Leveraging Existing and Future Infrastructure 38
Conguring Business-Relevant Services 39
Extending vRealize Automation with Event-Based Workows 39
Integrating with Third-Party Management Systems 39
Adding New IT Services and Creating New Actions 39
Calling vRealize Automation Services from External Applications 40
Distributed Execution 40
Index 41
Foundations and Concepts
4 VMware, Inc.
Foundations and Concepts
VMware vRealize ™ Automation provides a secure portal where authorized administrators, developers, or
business users can request new IT services. In addition, they can manage specic cloud and IT resources that
enable IT organizations to deliver services that can be congured to their lines of business in a self-service
catalog.
This documentation describes the features and capabilities of vRealize Automation. It includes information
about the following subjects:
nvRealize Automation components
nCommon service catalog
nInfrastructure as a Service
nXaaS
nSoftware
For information about cost management for VMware vRealize ™ Automation, see the documentation for
VMware vRealize ™ Business ™ for Cloud.
Note Not all features and capabilities of vRealize Automation are available in all editions. For a
comparison of feature sets in each edition, see hps://www.vmware.com/products/vrealize-automation/.
Intended Audience
This information is intended for anyone who needs to familiarize themselves with the features and
capabilities of vRealize Automation.
VMware Technical Publications Glossary
VMware Technical Publications provides a glossary of terms that might be unfamiliar to you. For denitions
of terms as they are used in VMware technical documentation, go to
hp://www.vmware.com/support/pubs.
Updated Information
This Foundations and Concepts is updated with each release of the product or when necessary.
This table provides the update history of the Foundations and Concepts.
VMware, Inc. 5
Revision Description
EN-002292-02 Updated “Scaling and Reconguring Deployments,” on page 32.
EN-002292-01 nUpdated “Containers User Roles and Access Privileges,” on page 22.
nUpdated “Tenant Roles and Responsibilities in vRealize Automation,” on page 20.
EN-002292-00 Initial release.
Using Scenarios
You can use scenarios to build working samples of vRealize Automation functionality that you can learn
from or customize to suit your needs.
Scenarios walk you through the most common and simplied workow to complete a vRealize Automation
task. They do not contain options or choices, and serve as introductory examples to both basic and advanced
vRealize Automation functionality.
For example, you can use Installing and Conguring vRealize Automation for the Rainpole Scenario to install a
working proof of concept vRealize Automation deployment into your existing vSphere environment.
Using the Goal Navigator
The goal navigator guides you through high-level goals that you might want to accomplish in
vRealize Automation.
The goals you can achieve depend on your role. To complete each goal, you must complete a sequence of
steps that are presented on separate pages in the vRealize Automation console.
The goal navigator can answer the following questions:
nWhere do I start?
nWhat are all the steps I need to complete to achieve a goal?
nWhat are the prerequisites for completing a particular task?
nWhy do I need to do this step and how does this step help me achieve my goal?
The goal navigator is hidden by default. You can expand the goal navigator by clicking the icon on the left
side of the screen.
After you select a goal, you navigate between the pages needed to accomplish the goal by clicking each step.
The goal navigator does not validate that you completed a step, or force you to complete steps in a
particular order. The steps are listed in the recommended sequence. You can return to each goal as many
times as needed.
For each step, the goal navigator provides a description of the task you need to perform on the
corresponding page. The goal navigator does not provide detailed information such as how to complete the
forms on a page. You can hide the page information or move it to a more convenient position on the page. If
you hide the page information, you can display it again by clicking the information icon on the goal
navigator panel.
Introducing vRealize Automation
IT organizations can use VMware vRealize ™ Automation to deliver services to their lines of business.
vRealize Automation provides a secure portal where authorized administrators, developers or business
users can request new IT services and manage specic cloud and IT resources, while ensuring compliance
with business policies. Requests for IT service, including infrastructure, applications, desktops, and many
others, are processed through a common service catalog to provide a consistent user experience.
Foundations and Concepts
6 VMware, Inc.
You can improve cost control by using vRealize Automation to monitor resource and capacity usage. For
further cost control management, you can integrate vRealize Business Advanced or Enterprise Edition with
your vRealize Automation instance to expose the cost of cloud and virtual machine resources, and help you
beer manage capacity, cost, and eciency.
Providing On-Demand Services to Users Overview
You can use the IaaS, Software, and XaaS features of vRealize Automation to model custom on-demand IT
services and deliver them to your users through the vRealize Automation common service catalog.
Catalog items can range in complexity from a single, simple machine with no guest operating system to
complex custom application stacks delivered on multiple machine under a load balancer.
You can create and publish blueprints for a single machine, or a single custom XaaS resource, but you can
also combine machine blueprints and XaaS blueprints with other building blocks to design elaborate
application blueprints that include multiple machines, networking and security, software with full life cycle
support, and custom XaaS functionality. Because all published blueprints and blueprint components are
reusable, you can create a library of these components and combine them in new blueprints to deliver
increasingly complex on-demand services.
Published blueprints become catalog items that your service catalog administrators can deliver to your
users. The service catalog provides a unied self-service portal for consuming IT services. Service catalog
administrators can manage user access to catalog services, items, and actions by using entitlements and
approvals, and users can browse the catalog to request items they need, track their requests, and manage
their provisioned items.
Foundations and Concepts
VMware, Inc. 7
nInfrastructure as a Service Overview on page 9
With Infrastructure as a Service (IaaS), you can rapidly model and provision servers and desktops
across virtual and physical, private and public, or hybrid cloud infrastructures.
nSoftware Components Overview on page 9
Software components automate the installation, conguration, and life cycle management of
middleware and application deployments in dynamic cloud environments. Applications can range
from simple Web applications to complex and even packaged applications.
nXaaS Overview on page 10
With the XaaS, XaaS architects can create XaaS blueprints and resource action, and publish them as
catalog items.
nService Catalog Overview on page 10
The service catalog provides a unied self-service portal for consuming IT services. Users can browse
the catalog to request items they need, track their requests, and manage their provisioned items.
Foundations and Concepts
8 VMware, Inc.
nContainers Overview on page 11
You can use containers to gain access to additional instrumentation for developing and deploying
applications in vRealize Automation.
Infrastructure as a Service Overview
With Infrastructure as a Service (IaaS), you can rapidly model and provision servers and desktops across
virtual and physical, private and public, or hybrid cloud infrastructures.
Modeling is accomplished by creating a machine blueprint, which is a specication for a machine.
Blueprints are published as catalog items in the common service catalog, and are available for reuse as
components inside of application blueprints. When an entitled user requests a machine based on one of
these blueprints, IaaS provisions the machine.
With IaaS, you can manage the machine life cycle from a user request and administrative approval through
decommissioning and resource reclamation. Built-in conguration and extensibility features also make IaaS
a highly exible means of customizing machine congurations and integrating machine provisioning and
management with other enterprise-critical systems such as load balancers, conguration management
databases (CMDBs), ticketing systems, IP address management systems, or Domain Name System (DNS)
servers.
Software Components Overview
Software components automate the installation, conguration, and life cycle management of middleware
and application deployments in dynamic cloud environments. Applications can range from simple Web
applications to complex and even packaged applications.
By using a congurable scriptable engine, software architects fully control how middleware and application
deployment components are installed, congured, updated, and uninstalled on machines. Through the use
of Software properties, software architects can require or allow blueprint architects and end-users to specify
conguration elements such as environment variables. For repeated deployments, these blueprints
standardize the structure of the application, including machine blueprints, software components,
dependencies, and congurations, but can allow environment variables and property binding to be
recongured if necessary.
Deploying Any Application and Middleware Service
You can deploy Software components on Windows or Linux operating systems on vSphere,
vCloud Director, vCloud Air, and Amazon AWS machines.
nIaaS architects create reusable machine blueprints based on templates, snapshots, or Amazon machine
images that contain the guest agent and Software bootstrap agent to support Software components.
nSoftware architects create reusable software components that specify exactly how the software is
installed, congured, updated during deployment scale operations, and uninstalled on machines.
nSoftware architects, IaaS architects, and application architects use a graphical interface to model
application deployment topologies. Architects recongure Software properties and bindings as
required by the software architect, and publish application blueprints that combine Software
components and machine blueprints.
nCatalog administrators add the published blueprints to a catalog service, and entitle users to request the
catalog item.
nEntitled users request the catalog item and provide any conguration values designed to be editable.
vRealize Automation deploys the requested application, provisioning any machine(s), networking and
security components, and Software component(s) dened in the application blueprint.
nEntitled users request the scale in or scale out actions to adjust their deployments to changing workload
demands. vRealize Automation installs or uninstalls Software components on machines for scale, and
runs update scripts for dependent Software components.
Foundations and Concepts
VMware, Inc. 9
Standardization in Software
With Software, you can create reusable services using standardized conguration properties to meet strict
requirements for IT compliance. Software includes the following standardized conguration properties:
nModel-driven architecture that enables adding IT certied machine blueprints and middleware services
within the application blueprint.
nA delegation model for overriding conguration name value pairs between software architect,
application architect, and end user to standardize conguration values for application and middleware
service.
Software Extensibility and Open Architecture
You can download predened Software components for a variety of middleware services and applications
from the VMware Solution Exchange. Using either the vRealize CloudClient or vRealize Automation REST
API , you can programmatically import predened Software components into your vRealize Automation
instance.
nTo visit the VMware Solution Exchange, see
hps://solutionexchange.vmware.com/store/category_groups/cloud-management.
nFor information about vRealize Automation REST API, see Programming Guide and vRealize Automation
API Reference.
nFor information about vRealize CloudClient, see hps://developercenter.vmware.com/tool/cloudclient.
XaaS Overview
With the XaaS, XaaS architects can create XaaS blueprints and resource action, and publish them as catalog
items.
With XaaS, you can provide anything as a service using the capabilities of
VMware vRealize ™ Orchestrator ™. For example, you can create a blueprint that allows a user to request a
backup of a database. After completing and submiing a backup request, the user receives a backup le of
the database they specied.
An XaaS architect can create custom resource types mapped to vRealize Orchestrator object types and dene
them as items to be provisioned. A XaaS architect can then create blueprints from vRealize Orchestrator
workows and publish the blueprints as catalog items. The vRealize Orchestrator workows can be either
predened or independently developed by workow developers.
You can also use the XaaS to design additional actions that the consumer can perform on the provisioned
items. These additional actions are connected to vRealize Orchestrator workows and take the provisioned
item as input to the workow. To use this function for items provisioned by sources other than the XaaS, you
must create resource mappings to dene their resource types in vRealize Orchestrator.
For more information about vRealize Orchestrator and its capabilities, see the vRealize Orchestrator
documentation.
Service Catalog Overview
The service catalog provides a unied self-service portal for consuming IT services. Users can browse the
catalog to request items they need, track their requests, and manage their provisioned items.
Service architects and administrators can dene new services and publish them to the common catalog.
When dening a service, the architect can specify the kind of item that can be requested, and what options
are available to the consumer as part of submiing the request.
Group managers or line-of-business administrators can specify business policies such as who is entitled to
request specic catalog items or perform specic actions on provisioned items. They can also apply
congurable approval policies to catalog requests.
Foundations and Concepts
10 VMware, Inc.
Users responsible for managing the catalog, such as tenant administrators and service architects, can
manage the presentation of catalog items to the consumers of IT services, for example by grouping items
into service categories for easier navigation and highlighting new services to consumers on the portal home
page.
Containers Overview
You can use containers to gain access to additional instrumentation for developing and deploying
applications in vRealize Automation.
Containers for vRealize Automation allows vRealize Automation to support containers. You can provision
an application that is built from containers or from a combination of containers and VMs.
Container administrators can use Containers to perform the following tasks:
nModel containerized applications in vRealize Automation blueprints.
nProvision container hosts from the vRealize Automation service catalog.
nManage container hosts from within vRealize Automation.
nCreate or add hosts, and congure hosts. host congurations.
nSet resource quotas for containers.
nWork with templates, images, and registries.
nCreate and edit blueprints in the vRealize Automation service catalog.
nDevelop multi-container templates.
Container architects can add container components to a vRealize Automation blueprint.
The integrated Containers application uses the Docker Remote API to provision and manage containers,
including retrieving information about container instances. From a deployment perspective, developers can
use Docker Compose to create their application and deploy it through Containers in vRealize Automation.
Because that application is ready to be promoted from development to production, developers can enhance
the application to include dynamic networks or micro-segmentation.
Cloud administrators can manage the container host infrastructure, for example to govern capacity quotas
and approval workows.
Use the Containers Context-Sensitive Help
When working with Containers for vRealize Automation, you have access to a context-sensitive help system
that dynamically displays content for the task that you are currently performing.
After you open the Containers help system, the page content automatically updates based on your location
in the Containers user interface. You can view the Containers help system in a separate window, on a second
screen, or from a mobile device in parallel with the primary interface.
You can use the Containers help system outside of the trusted network and still receive instant
documentation page updates relative to where your cursor is in the Containers application.
1 Log in to the vRealize Automation console as a container administrator.
2 Click the Containers tab.
3 Click Help on the Containers Welcome page, next to the Add a Host buon.
You can refresh the web browser to redisplay the Welcome page.
Foundations and Concepts
VMware, Inc. 11
vRealize Business for Cloud Overview
With vRealize Business for Cloud, directors of cloud operations can monitor their expenditures and design
more cost-ecient cloud services.
vRealize Business for Cloud provides the following benets:
nDrives accountability by providing visibility into the cost of virtual infrastructure and public cloud
providers.
nPromotes eciencies in the virtual infrastructure by making it possible to compare the costs, eciency,
and availability of their private cloud with public cloud providers and industry benchmark data.
nOptimizes decisions about placement for virtual workloads and tradeos between buying new
hardware and using public cloud providers.
For more information about vRealize Business for Cloud, see the vRealize Business for Cloud
documentation set.
Tenancy and User Roles
vRealize Automation supports multiple tenants in the same installation. Users always log in and perform
their tasks in a specic tenant. Some administrator roles can manage conguration that aects multiple
tenants.
Tenancy Overview
A tenant is an organizational unit in a vRealize Automation deployment. A tenant can represent a business
unit in an enterprise or a company that subscribes to cloud services from a service provider.
Each tenant has its own dedicated conguration. Some system-level conguration is shared across tenants.
Table 1. Tenant Configuration
Configuration Area Description
Login URL Each tenant has a unique URL to the vRealize Automation console.
nThe default tenant URL is in the following format: hps://hostname/vcac
nThe URL for additional tenants is in the following format:
hps://hostname/vcac/org/tenantURL
Identity stores Each tenant requires access to one or more directory services, such as
OpenLDAP or Microsoft Active Directory servers, that are congured to
authenticate users. You can use the same directory service for more than one
tenant, but you must congure it separately for each tenant.
Branding A tenant administrator can congure the branding of the vRealize Automation
console including the logo, background color, and information in the header
and footer. System administrators control the default branding for all tenants.
Notication providers System administrators can congure global email servers that process email
notications. Tenant administrators can override the system default servers, or
add their own servers if no global servers are specied.
Business policies Administrators in each tenant can congure business policies such as approval
workows and entitlements. Business policies are always specic to a tenant.
Service catalog oerings Service architects can create and publish catalog items to the service catalog and
assign them to service categories. Services and catalog items are always specic
to a tenant.
Infrastructure resources The underlying infrastructure fabric resources, for example, vCenter servers,
Amazon AWS accounts, or Cisco UCS pools, are shared among all tenants. For
each infrastructure source that vRealize Automation manages, a portion of its
compute resources can be reserved for users in a specic tenant to use.
Foundations and Concepts
12 VMware, Inc.
About the Default Tenant
When the system administrator congures an Active Directory link using Directories management during
the installation of vRealize Automation, a default tenant is created with the built-in system administrator
account to log in to the vRealize Automation console. The system administrator can then congure the
default tenant and create additional tenants.
The default tenant supports all of the functions described in Tenant Conguration. In the default tenant, the
system administrator can also manage system-wide conguration, including global system defaults for
branding and notications, and monitor system logs.
User and Group Management
All user authentication is handled by Active Directory links that are congured through Directories
Management. Each tenant has one or more Active Directory links that provide authentication on a user or
group level.
The system administrator performs the initial conguration of single sign-on and basic tenant setup,
including designating at least one Active Directory link and a tenant administrator for each tenant.
Thereafter, a tenant administrator can congure additional Active Directory links and assign roles to users
or groups as needed.
Tenant administrators can also create custom groups within their own tenants and add users and groups to
those groups. Custom groups can be assigned roles or designated as the approvers in an approval policy.
Tenant administrators can also create business groups within their tenants. A business group is a set of
users, often corresponding to a line of business, department or other organizational unit, that can be
associated with a set of catalog services and infrastructure resources. Users and custom groups can be added
to business groups.
Comparison of Single-Tenant and Multitenant Deployments
vRealize Automation supports deployments with either a single tenant or multiple tenants. The
conguration can vary depending on how many tenants are in your deployment.
System-wide conguration is always performed in the default tenant and can apply to one or more tenants.
For example, system-wide conguration might specify defaults for branding and notication providers.
Infrastructure conguration, including the infrastructure sources that are available for provisioning, can be
congured in any tenant and is shared among all tenants. You divide your infrastructure resources, such as
cloud or virtual compute resources, into fabric groups and assign an administrator to manage those
resources as the fabric administrator. Fabric administrators can allocate resources in their fabric group to
business groups by creating reservations.
Single-Tenant Deployment
In a single-tenant deployment, all conguration can occur in the default tenant. Tenant administrators can
manage users and groups, congure tenant-specic branding, notications, business policies, and catalog
oerings.
All users log in to the vRealize Automation console at the same URL, but the features available to them are
determined by their roles.
Foundations and Concepts
VMware, Inc. 13
Figure 1. Single-Tenant Example
Tenant
admin
Business
group mgr
Business
Group
Business
goup mgr
Business
Group
http://vra.mycompany.com/vcac/
Default Tenant
(System and
infrastructure config)
System
admin
IaaS
admin Infrastructure Fabric
Hypervisors Public
clouds
Physical
servers
Default Tenant
• User management
• Tenant branding
• Tenant notification
providers
• Approval policies
• Catalog management
• Tenant creation
• System branding
• System notification
poviders
• Event logs
Fabric
admin Fabric
Group
Reservation Reservation
Fabric
admin Fabric
Group
Reservation Reservation
Fabric
admin Fabric
Group
Reservation Reservation
(Tenant config)
http://vra.mycompany.com/vcac/
Note In a single-tenant scenario, it is common for the system administrator and tenant administrator roles
to be assigned to the same person, but two distinct accounts exist. The system administrator account is
always administrator@vsphere.local, and the system administrator account creates a local user account to
assign the tenant administrator role.
Multitenant Deployment
In a multitenant environment, the system administrator creates tenants for each organization that uses the
same vRealize Automation instance. Tenant users log in to the vRealize Automation console at a URL
specic to their tenant. Tenant-level conguration is segregated from other tenants and from the default
tenant. Users with system-wide roles can view and manage conguration across multiple tenants.
There are two main scenarios for conguring a multi-tenant deployment.
Table 2. Multitenant Deployment Examples
Example Description
Manage infrastructure conguration
only in the default tenant
In this example, all infrastructure is centrally managed by IaaS administrators
and fabric administrators in the default tenant. The shared infrastructure
resources are assigned to the users in each tenant by using reservations.
Manage infrastructure conguration in
each tenant
In this scenario, each tenant manages its own infrastructure and has its own
IaaS administrators and fabric administrators. Each tenant can provide its own
infrastructure sources or can share a common infrastructure. Fabric
administrators manage reservations only for the users in their own tenant.
Foundations and Concepts
14 VMware, Inc.
The following diagram shows a multitenant deployment with centrally managed infrastructure. The IaaS
administrator in the default tenant congures all infrastructure sources that are available for all tenants. The
IaaS administrator can organize the infrastructure into fabric groups according to type and intended
purpose. For example, a fabric group might contain all virtual resources, or all Tier One resources. The
fabric administrator for each group can allocate resources from their fabric groups. Although the fabric
administrators exist only in the default tenant, they can assign resources to business groups in any tenant.
Note Some infrastructure tasks, such as importing virtual machines, can only be performed by a user with
both the fabric administrator and business group manager roles. These tasks might not be available in a
multitenant deployment with centrally managed infrastructure.
Figure 2. Multitenant Example with Infrastructure Configuration Only in Default Tenant
Tenant
admin
Tenant A
Business
group mgr
Business
Group
Business
group mgr
Business
Group
http://vra.mycompany.com/
vcac/org/tenanta/
Tenant
admin
Tenant B
Business
group mgr
Business
Group
Business
group mgr
Business
Group
http://vra.mycompany.com/
vcac/org/tenantb/
Tenant
admin
Tenant C
Business
group mgr
Business
Group
Business
group mgr
Business
Group
http://vra.mycompany.com/
vcac/org/tenantc/
Default
Tenant
(System and
infrastructure config)
System
admin
Fabric
admin
IaaS
admin
Fabric Group
Reservation Reservation
Fabric
admin Fabric Group
Resv Resv
Resv
Fabric
admin Fabric Group
Resv Resv
Resv
Infrastructure Fabric
Hypervisors Public
clouds
Physical
servers
http://vra.mycompany.com/vcac/
The following diagram shows a multitenant deployment where each tenant manages their own
infrastructure. The system administrator is the only user who logs in to the default tenant to manage
system-wide conguration and create tenants.
Each tenant has an IaaS administrator, who can create fabric groups and appoint fabric administrators with
their respective tenants. Although fabric administrators can create reservations for business groups in any
tenant, in this example they typically create and manage reservations in their own tenants. If the same
identity store is congured in multiple tenants, the same users can be designated as IaaS administrators or
fabric administrators in each tenant.
Foundations and Concepts
VMware, Inc. 15
Figure 3. Multitenant Example with Infrastructure Configuration in Each Tenant
User Roles Overview
Roles consist of a set of privileges that can be associated with users to determine what tasks they can
perform. Based on their responsibilities, individuals might have one or more roles associated with their user
account.
All user roles are assigned within the context of a specic tenant. However, some roles in the default tenant
can manage system-wide conguration that applies to multiple tenants.
System-Wide Role Overview
System-wide roles are typically assigned to an IT system administrator. In some organizations, the IaaS
administrator role might be the responsibility of a cloud administrator.
System Administrator
The system administrator is typically the person who installs vRealize Automation and is responsible for
ensuring its availability for other users. The system administrator creates tenants and manages system-wide
conguration such as system defaults for branding and notication providers. This role is also responsible
for monitoring system logs.
In a single-tenant deployment, the same person might also act as the tenant administrator.
IaaS Administrator
IaaS administrators manage cloud, virtual, networking, and storage infrastructure at the system level,
creating and managing endpoints and credentials, and monitoring IaaS logs. IaaS administrators organize
infrastructure into tenant-level fabric groups, appointing the fabric administrators who are responsible for
allocating resources within each tenant through reservations and reservation, storage, and networking
policies.
Foundations and Concepts
16 VMware, Inc.
System-Wide Roles and Responsibilities
Users with system-wide roles manage congurations that can apply to multiple tenants. The system
administrator is only present in the default tenant, but you can assign IaaS administrators to any tenant.
Table 3. System-Wide Roles and Responsibilities
Role Responsibilities How Assigned
System Administrator nCreate tenants.
nCongure tenant identity stores.
nAssign IaaS administrator role.
nAssign tenant administrator role.
nCongure system default branding.
nCongure system default notication
providers.
nMonitor system event logs, not including IaaS
logs.
nCongure the vRealize Orchestrator server for
use with XaaS.
nCreate and manage (view, edit, and delete)
reservations across tenants if also a fabric
administrator.
Built-in administrator credentials are
specied when conguring single
sign-on.
IaaS Administrator nCongure IaaS features, global properties.
nCreate and manage fabric groups.
nCreate and manage endpoints.
nManage endpoint credentials.
nCongure proxy agents.
nManage Amazon AWS instance types.
nMonitor IaaS-specic logs.
nCreate and manage (view, edit, and delete)
reservations across tenants if also a fabric
administrator.
The system administrator designates
the IaaS administrator when
conguring a tenant.
Foundations and Concepts
VMware, Inc. 17
Tenant Role Overview
Tenant roles typically have responsibilities that are limited to a specic tenant, and cannot aect other
tenants in the system.
Foundations and Concepts
18 VMware, Inc.
Table 4. Tenant Role Overview
Role Description
Tenant Administrator Typically a line-of-business administrator, business
manager, or IT administrator who is responsible for a
tenant. Tenant administrators congure
vRealize Automation for the needs of their organizations.
They are responsible for user and group management,
tenant branding and notications, and business policies
such as approvals and entitlements. They also track
resource usage by all users within the tenant and initiate
reclamation requests for virtual machines.
Fabric Administrator Manages physical machines and compute resources
assigned to their fabric groups and creates and manages
the reservations and policies associated with those
resources within the scope of their tenant. They also
manage property groups, machine prexes, and the
property dictionary that are used across all tenants and
business groups.
Note If you add the fabric administrator role to a system-
wide role such as IaaS administrator or system
administrator, the fabric administrator can create
reservations for any tenant, not just their own.
Blueprint Architects Umbrella term for the individuals who are responsible for
creating blueprint components and assembling the
blueprints that dene catalog items for consumers to
request from the service catalog. These roles are typically
assigned to individuals in the IT department, such as
architects or analysts.
Catalog Administrator Creates and manages catalog services and manages the
placement of catalog items into services.
Approval Administrator Denes approval policies. These policies can be applied to
catalog requests through entitlements that a tenant
administrator or business group manager manage.
Approver Any user of vRealize Automation, for example, a line
manager, nance manager, or project manager, can be
designated as an approver as part of an approval policy.
Business Group Manager Manages one or more business groups. Typically a line
manager or project manager. Business group managers
entitlements for their groups in the service catalog. They
can request and manage items on behalf of users in their
groups.
Support User A role in a business group. Support users can request and
manage catalog items on behalf of other members of their
groups. This role is typically an executive administrator or
department administrator.
Business User Any user in the system can be a consumer of IT services.
Users can request catalog items from the service catalog
and manage their provisioned resources.
Foundations and Concepts
VMware, Inc. 19
Tenant Roles and Responsibilities in vRealize Automation
You can assign tenant roles to users in any tenant. The roles have responsibilities that are specic to that
tenant.
Table 5. Tenant Roles and Responsibilities
Role Responsibilities How Assigned
Tenant administrator nCustomize tenant branding.
nManage tenant identity stores.
nManage user and group roles.
nCreate custom groups.
nManage notication providers.
nEnable notication scenarios for
tenant users.
nCongure vRealize Orchestrator
servers, plug-ins and workows
for XaaS.
nCreate and manage catalog
services.
nManage catalog items.
nManage actions.
nCreate and manage entitlements.
nCreate and manage approval
policies.
nMonitor tenant machines and
send reclamation requests.
The system administrator designates a
tenant administrator when creating a
tenant. Tenant administrators can
assign the role to other users in their
tenant at any time from the
Administration tab.
Fabric administrator nManage property groups.
nManage compute resources.
nManage network proles.
nManage Amazon EBS volumes
and key pairs.
nManage machine prexes.
nManage property dictionary.
nCreate and manage reservations
and reservation policies in their
own tenant.
nIf this role is added to a user with
IaaS administrator or system
administrator privileges, the user
can create and manage
reservations and reservation
policies in any tenant.
The IaaS administrator designates the
fabric administrator when creating or
editing fabric groups.
Application architect nAssemble and manage composite
blueprints.
Tenant administrators can assign this
role to users in their tenant at any time
from the Administration tab.
Infrastructure architect nCreate and manage infrastructure
blueprint components.
nAssemble and manage composite
blueprints.
Tenant administrators can assign this
role to users in their tenant at any time
from the Administration tab.
XaaS architect nDene custom resource types.
nCreate and publish XaaS
blueprints.
nCreate and manage resource
mappings.
nCreate and publish resource
actions.
Tenant administrators can assign this
role to users in their tenant at any time
from the Administration tab.
Foundations and Concepts
20 VMware, Inc.
Table 5. Tenant Roles and Responsibilities (Continued)
Role Responsibilities How Assigned
Software architect nCreate and manage software
blueprint components.
nAssemble and manage composite
blueprints.
Tenant administrators can assign this
role to users in their tenant at any time
from the Administration tab.
Container architect nAdd, edit, and remove container
components in a blueprint by
using options on the Design tab.
nAdd, edit, and remove container
network components in a
blueprint by using options on the
Design tab.
Tenant administrators can assign this
role to users and groups in their tenant
at any time from the Administration
tab.
Container administrator Use all available options in the
Containers tab, including the
following tasks:
nCongure container hosts,
placements, and registries
nCongure container network
seings
nCreate container templates
Tenant administrators can assign this
role to users and groups in their tenant
at any time from the Administration
tab.
Catalog administrator nCreate and manage catalog
services.
nManage catalog items.
nAssign icons to actions.
Tenant administrators can assign this
role to users in their tenant at any time
from the Administration tab.
Business group manager nAdd and delete users within their
business group.
nAssign support user roles to
users in their business group.
nCreate and manage entitlements
for their business group.
nRequest and manage items on
behalf of a user in their business
group.
nMonitor resource usage in a
business group.
nChange machine owner.
The tenant administrator designates
the business group manager when
creating or editing business groups.
Approval administrator nCreate and manage approval
policies.
Tenant administrators can assign this
role to users in their tenant at any time
from the Administration tab.
Approver nApprove service catalog requests,
including provisioning requests
or any resource actions.
The tenant administrator or approval
administrator creates approval policies
and designates the approvers for each
policy.
Support user nRequest and manage items on
behalf of other users in their
business group.
nChange machine owner.
The tenant administrator designates
the support user when creating or
editing business groups.
Business user nRequest catalog items from the
service catalog.
nManage their provisioned
resources.
The tenant administrator designates
the business users who can consume
IT services when creating or editing
business groups.
Foundations and Concepts
VMware, Inc. 21
Containers User Roles and Access Privileges
You can use container-specic roles to control who can create and congure containers by using options in
the vRealize Automation Containers tab and who can add and congure container components in
blueprints by using options in the Design tab.
When you enable Containers, two container-specic roles appear in the list of roles that a
vRealize Automation tenant administrator can assign to users and groups.
User Role Description
Container
Administrator
Users and groups with this role can see the Containers tab in vRealize Automation. They can use
all theContainers options, such as conguring hosts, placements, and registries. They can also
create templates and provision containers and applications for conguration and validation
purposes.
Container Architect Users and groups with this role can use containers as components when creating and editing
blueprints in vRealize Automation. They have permission to see the Design tab in
vRealize Automation and to work with blueprints.
For information about vRealize Automation administrator and user roles, see User Roles Overview in the
vRealize Automation Information Center.
Tenant administrators can assign one or both of these roles to users or groups in their tenant at any time by
using options on the vRealize Automation Administration tab.
IaaS administrators automatically inherit the container administrator permissions to perform Containers
administrative tasks.
Consumers of catalog items that involve containers inherit the necessary privileges to access the resources
provided by the Containers. They can open and see the details of their container-related items and perform
day-two operations on them.
vRealize Automation users authenticated through VMware Identity Manager (vIDM) have access to
Containers.
vRealize Automation multi-tenancy and business group membership is implemented in Containers.
Service Catalog
The service catalog provides a common interface for consumers of IT services to use to request and manage
the services and resources they need.
Foundations and Concepts
22 VMware, Inc.
Requesting and Managing Items in the Catalog
The catalog provides a self-service portal for requesting services and also enables business users to manage
their own provisioned resources.
The following example is of a typical life cycle.
Connie, the consumer of IT services, logs in to the vRealize Automation console. On the Catalog tab, she
browses for the service oerings she needs to do her job. The items that are available in the catalog are
grouped into service categories, which helps her nd what she is looking for. After Connie selects a catalog
item, she can view its details to conrm that it is what she wants before submiing a request.
When Connie requests a catalog item, a form appears where she can provide information such as the reason
for her request, and any parameters for the request. For example, if she is requesting a virtual machine, she
might be able to specify the number of CPUs or amount of storage on the machine. If Connie is not ready to
submit her request, she can save it and return to it at a later time.
After Connie submits her request, it might be subject to approval. Connie can look on the Requests tab to
track the progress of her request, including whether it is pending approval, in progress, or completed.
If the request results in an item being provisioned, it is added to Connie's list of items on the Items tab. Here
she can view the item details or perform additional actions on her items. In the virtual machine example, she
might be able to power on or power o the machine, connect to it through Remote Desktop, recongure it to
add more resources, or dispose of it when she no longer needs it. The actions she can perform are based on
entitlements and can also be made subject to approval based on exible approval policies.
Creating and Publishing Catalog Items
Catalog administrators and tenant administrators can dene new catalog items and publish them to the
service catalog. Tenant administrators and business group managers can entitle the new item to consumers.
Typically, a catalog item provides a complete specication of the resource to be provisioned and the process
to initiate when the item is requested. It also denes the options that are available to a requester of the item,
such as virtual machine conguration or lease duration, or any additional information that the requester is
prompted to provide when submiing the request.
For example, Sean has privileges to create and publish blueprints, including software components and XaaS.
After the blueprint is published, Sean, or a catalog administrator or a tenant administrator responsible for
managing the catalog, can then congure the catalog item, including specifying an icon and adding the item
to a service.
To make the catalog item available to users, a tenant administrator or business group manager must entitle
the item to the users and groups who should have access to it in the service catalog.
Services for the Service Catalog
Services are used to organize catalog items into related oerings to make it easier for service catalog users to
browse for the catalog items they need.
For example, catalog oerings can be organized into Infrastructure Services, Application Services, and
Desktop Services.
A tenant administrator or catalog administrator can specify information about the service such as the service
hours, support team, and change window. Although the catalog does not enforce service-level agreements
on services, this information is available to business users browsing the service catalog.
Foundations and Concepts
VMware, Inc. 23
Catalog Items
Users can browse the service catalog for catalog items that they are entitled to request.
Some catalog items result in an item being provisioned that the user can manage through its life cycle. For
example, an application developer can request storage as a service, then later add capacity, request backups,
and restore previous backups.
Other catalog items do not result in provisioned items. For example, a cell phone user can submit a request
for additional minutes on a mobile plan. The request initiates a workow that adds minutes to the plan. The
user can track the request as it progresses, but cannot manage the minutes after they are added.
Some catalog items are available only in a specic business group, other catalog items are shared between
business groups in the same tenant.
Actions
Actions are operations that you can perform on provisioned items.
Users can manage their provisioned items on the Items tab. The View Details option is always present in
the Actions menu. Additional options might be available depending on the type of item and the user's
entitlements. For example, Power On can be available for machines but not for HR services such as
provisioning a new hire.
You can perform request actions and immediate actions. Request actions initiate requests, which you can
track on the Requests tab and which can be made subject to approval. Statuses shown on the Requests tab
indicate the success or failure of the request, and do not indicate the successful completion of an action.
Immediate actions do not create requests and are always run immediately.
Built-in actions are available to all tenants and cannot be edited, although they can be enabled or disabled.
Custom actions can be created at a per-tenant level and shared across all business groups in that tenant.
Entitlements
Entitlements determine which users and groups can request specic catalog items or perform specic
actions. Entitlements are specic to a business group.
Business group managers can create entitlements for the groups that they manage. Tenant administrators
can create entitlements for any business group in their tenant. When you create an entitlement, you must
select a business group and specify individual users and groups in the business group for the entitlement.
You can entitle an entire service category, which entitles all of the catalog items in that service, including
items that are added to the service after you create the entitlement. You can also add individual catalog
items in a service to an entitlement. Services do not contain actions. You must add actions to an entitlement
individually.
For each service, catalog item, or action that you entitle, you can optionally specify an approval policy to
apply to requests for that item. If you entitle an entire service and a specic catalog item in that service in
the same entitlement, the approval policy on the catalog item overrides the policy on the service. For
example, you can entitle the Cloud Infrastructure service to members of a business group and allow them to
request any of its items with no approval policy. For a select number of catalog items that require more
governance for their provisioning, you can entitle those in the same entitlement and apply an approval
policy on just those items.
The actions that you entitle to users apply to any items that support the entitled action and they are not
limited to the services and actions in the same entitlement. For example, if Connie, a consumer of
infrastructure services, is entitled to Machine Blueprint 1 and the action Recongure in one entitlement, and
she is also entitled to Machine Blueprint 2 in a dierent entitlement, then she is entitled to recongure
machines provisioned from Machine Blueprint 1 and Machine Blueprint 2, as long as both blueprints allow
that action to be performed.
Foundations and Concepts
24 VMware, Inc.
If multiple entitlements exist for the same business group, you can prioritize the entitlements. When a user
makes a catalog request, the entitlement and associated approval policy that applies is the highest priority
entitlement that grants the user access to that item or action.
Approval Policies
An approval policy is used to govern whether a service catalog user needs approval from someone in your
organization to provision items in your environment.
A tenant administrator or approval administrator can create approval policies. The policies can be for pre-
provisioning or post-provisioning. If a pre-approval is congured, then the request must be approved before
the request is provisioned. If it is a post-approval, the request must be approved before the provisioned item
is released to the requesting user.
The policies are applied to items in an entitlement. You can apply them to services, catalog items, catalog
item components, or actions that require an approver to approve or reject a provisioning request.
When a service catalog user requests an item that includes one or more approval policies, the approval
request is sent to the approvers. If approved, the request moves forward. If rejected, the request is canceled
and the service catalog user is notied regarding the rejection.
Infrastructure as a Service
With Infrastructure as a Service (IaaS), you can rapidly model and provision servers and desktops across
virtual and physical, private and public, or hybrid cloud infrastructures.
nConguring Infrastructure Fabric on page 26
The IaaS administrator and fabric administrator roles are responsible for conguring the fabric to
enable provisioning of infrastructure services. Fabric conguration is system-wide and is shared
across all tenants.
nInfrastructure Source Endpoints on page 27
Infrastructure sources can include a group of virtualization compute resources or a cloud service
account.
nCompute Resources on page 27
A compute resource is an object that represents a host, host cluster, or pool in a virtualization
platform, a virtual datacenter, or an Amazon region on which machines can be provisioned.
nData Collection on page 28
vRealize Automation collects data from infrastructure source endpoints and their compute resources.
nFabric Groups on page 29
An IaaS administrator can organize virtualization compute resources and cloud endpoints into fabric
groups by type and intent. One or more fabric administrators manage the resources in each fabric
group.
nBusiness Groups on page 29
A business group associates a set of services and resources to a set of users, often corresponding to a
line of business, department, or other organizational unit.
nMachine Prexes on page 29
You use machine prexes to generate the names of provisioned machines. Machine prexes are shared
across all tenants.
nResource Reservations on page 29
You can create a reservation to allocate provisioning resources in the fabric group to a specic business
group.
Foundations and Concepts
VMware, Inc. 25
nConguring Reservation Policies on page 30
When a user requests a machine, it can be provisioned on any reservation of the appropriate type that
has sucient capacity for the machine. You can apply a reservation policy to a blueprint to restrict the
machines provisioned from that blueprint to a subset of available reservations.
nMachine Blueprints on page 30
A blueprint that contains a machine component species the workow used to provision a machine
and includes information such as CPU, memory, and storage. Machine blueprints specify the
workow used to provision a machine and include additional provisioning information such as the
locations of required disk images or virtualization platform objects. Blueprints also specify policies
such as the lease period and can include networking and security components such as security groups,
policies, or tags.
nMachine Leases and Reclamation on page 31
IaaS provides two mechanisms for controlling resource use and controlling costs. Leases provide
access to a machine for a limited period. By using the reclamation process, a tenant administrator can
identify underused resources and reclaim them from their owners.
nScaling and Reconguring Deployments on page 32
You can scale provisioned deployments to adjust to changing workload demands. You use the scale in
or scale out actions for horizontal scale, and the machine recongure action for vertical scale. You
govern scale and recongure actions by using entitlements, approval policies, or by designing
constraints directly into blueprints.
Configuring Infrastructure Fabric
The IaaS administrator and fabric administrator roles are responsible for conguring the fabric to enable
provisioning of infrastructure services. Fabric conguration is system-wide and is shared across all tenants.
An IaaS administrator creates an endpoint to congure access to an infrastructure source. When the
connection to an infrastructure source is established, vRealize Automation collects information about the
compute resources available through that source. The IaaS administrator can then organize those resources
into fabric groups and assign a fabric administrator to manage each group as well as cross-tenant
conguration such as machine prexes.
A fabric administrator can create reservations to allocate provisioning resources in the fabric group to
specic business groups that the tenant administrator created during tenant conguration. Optionally, the
fabric administrator can congure reservation, network, or storage reservation policies. For example, they
can create a reservation policy to control placement of provisioned machines.
Foundations and Concepts
26 VMware, Inc.
When the fabric administrator has created reservations, the IaaS architects can create and publish machine
blueprints for reuse in application blueprints and for catalog administrators to make available in the service
catalog.
Infrastructure Source Endpoints
Infrastructure sources can include a group of virtualization compute resources or a cloud service account.
An IaaS administrator congures an infrastructure source by specifying the endpoint details and credentials
that vRealize Automation can use to communicate with the source.
vRealize Automation collects information about all congured infrastructure sources at regular intervals.
This information includes virtualization hosts, templates, and ISO images for virtualization environments;
virtual datacenters for vCloud Director; and regions and machines provisioned on them for Amazon.
Table 6. Examples of Infrastructure Source Endpoints
Infrastructure Source Endpoints
vSphere vCenter server
vCloud Air vCloud Air OnDemand or subscription service
vCloud Director vCloud Director server
Amazon EC2 or OpenStack Cloud service account
Hyper-V (SCVMM) Microsoft System Center Virtual Machine Manager server
KVM (RHEV) Red Hat Enterprise Virtualization server
For a complete list of supported infrastructure source endpoints, see the vRealize Automation Support Matrix.
Compute Resources
A compute resource is an object that represents a host, host cluster, or pool in a virtualization platform, a
virtual datacenter, or an Amazon region on which machines can be provisioned.
An IaaS administrator can add compute resources to or remove compute resources from a fabric group. A
compute resource can belong to more than one fabric group, including groups that dierent fabric
administrators manage. After a compute resource is added to a fabric group, a fabric administrator can
create reservations on it for specic business groups. Users in those business groups can then be entitled to
provision machines on that compute resource.
Information about the compute resources on each infrastructure source endpoint and machines provisioned
on each compute resource is collected at regular intervals.
Table 7. Examples of Compute Resources for Infrastructure Sources
Infrastructure Source Compute Resource
vSphere (vCenter) ESX or ESXi host or cluster
Hyper-V (SCVMM) Hyper-V host
KVM (RHEV) KVM host
vCloud Director virtual datacenter
Amazon AWS Amazon region
Foundations and Concepts
VMware, Inc. 27
Data Collection
vRealize Automation collects data from infrastructure source endpoints and their compute resources.
Data collection occurs at regular intervals. Each type of data collection has a default interval that you can
override or modify. Each type of data collection also has a default timeout interval that you can override or
modify.
IaaS administrators can manually initiate data collection for infrastructure source endpoints and fabric
administrators can manually initiate data collection for compute resources.
Table 8. Data Collection Types
Data Collection Type Description
Infrastructure Source Endpoint Data Collection Updates information about virtualization hosts, templates,
and ISO images for virtualization environments. Updates
virtual datacenters and templates for vCloud Director.
Updates Amazon regions and machines provisioned on
Amazon regions.
Endpoint data collection runs every 4 hours.
Inventory Data Collection Updates the record of the virtual machines whose resource
use is tied to a specic compute resource, including
detailed information about the networks, storage, and
virtual machines. This record also includes information
about unmanaged virtual machines, which are machines
provisioned outside of vRealize Automation.
Inventory data collection runs every 24 hours.
The default timeout interval for inventory data collection is
2 hours.
State Data Collection Updates the record of the power state of each machine
discovered through inventory data collection. State data
collection also records missing machines that
vRealize Automation manages but cannot be detected on
the virtualization compute resource or cloud endpoint.
State data collection runs every 15 minutes.
The default timeout interval for state data collection is 1
hour.
Performance Data Collection (vSphere compute resources
only)
Updates the record of the average CPU, storage, memory,
and network usage for each virtual machine discovered
through inventory data collection.
Performance data collection runs every 24 hours.
The default timeout interval for performance data
collection is 2 hours.
Network and security inventory data collection (vSphere
compute resources only)
Updates the record of network and security data related to
vCloud Networking and Security and NSX, particularly
information about security groups and load balancing, for
each machine following inventory data collection.
WMI data collection (Windows compute resources only) Updates the record of the management data for each
Windows machine. A WMI agent must be installed,
typically on the Manager Service host, and enabled to
collect data from Windows machines.
Foundations and Concepts
28 VMware, Inc.
Fabric Groups
An IaaS administrator can organize virtualization compute resources and cloud endpoints into fabric
groups by type and intent. One or more fabric administrators manage the resources in each fabric group.
Fabric administrators are responsible for creating reservations on the compute resources in their groups to
allocate fabric to specic business groups. Fabric groups are created in a specic tenant, but their resources
can be made available to users who belong to business groups in all tenants.
Business Groups
A business group associates a set of services and resources to a set of users, often corresponding to a line of
business, department, or other organizational unit.
Business groups are managed in Administration > Users and Groups and are used when creating
reservations and entitling users to items in the service catalog.
To request catalog items, a user must belong to the business group that is entitled to request the item. A
business group can have access to catalog items specic to that group and to catalog items that are shared
between business groups in the same tenant. In IaaS, each business group has one or more reservations that
determine on which compute resources the machines that this group requested can be provisioned.
A business group must have at least one business group manager, who monitors the resource use for the
group and often is an approver for catalog requests. Business groups can include support users. Support
users can request and manage machines on behalf of other group members. Business group managers can
also submit requests on behalf of their users. A user can be a member of more than one business group, and
can have dierent roles in dierent groups.
Machine Prefixes
You use machine prexes to generate the names of provisioned machines. Machine prexes are shared
across all tenants.
You should assign a default machine prex to every business group that you expect to need IaaS resources.
Every blueprint must have a machine prex or use the group default prex.
Fabric administrators are responsible for managing machine prexes. A prex is a base name to be followed
by a counter of a specied number of digits. For example, a prex of g1dw for group1 and developer
workstation, with a counter of three digits produces machines named g1dw001, g1dw002, and so on. A
prex can also specify a number other than 1 to start the counter.
If a business group is not intended to provision IaaS resources, tenant administrators do not need to assign a
default machine prex when they create the business group. If the business group is intended to provision
IaaS resources, tenant administrators should assign one of the existing machine prexes as the default for
the business group. This assignment does not restrict blueprint architects from choosing a dierent prex
when they create blueprints. A tenant administrator can change the default prex of a business group at any
time. The new default prex is used in the future, but does not aect previously provisioned machines.
Resource Reservations
You can create a reservation to allocate provisioning resources in the fabric group to a specic business
group.
A virtual reservation allocates a share of the memory, CPU and storage resources on a particular compute
resource for a business group to use.
A cloud reservation provides access to the provisioning services of a cloud service account, for
Amazon AWS, or to a virtual datacenter, for vCloud Director, for a business group to use.
Foundations and Concepts
VMware, Inc. 29
A business group can have multiple reservations on the same compute resource or dierent compute
resources, or any number of reservations containing any number of machines.
A compute resource can also have multiple reservations for multiple business groups. In the case of virtual
reservations, you can reserve more resources across several reservations than are physically present on the
compute resource. For example, if a storage path has 100 GB of storage available, a fabric administrator can
create one reservation for 50 GB of storage and another reservation using the same path for 60 GB of storage.
You can provision machines by using either reservation as long as sucient resources are available on the
storage host.
Configuring Reservation Policies
When a user requests a machine, it can be provisioned on any reservation of the appropriate type that has
sucient capacity for the machine. You can apply a reservation policy to a blueprint to restrict the machines
provisioned from that blueprint to a subset of available reservations.
You can use a reservation policy to collect resources into groups for dierent service levels, or to make a
specic type of resource easily available for a particular purpose. When a user requests a machine, it can be
provisioned on any reservation of the appropriate type that has sucient capacity for the machine. The
following scenarios provide a few examples of possible uses for reservation policies:
nTo ensure that provisioned machines are placed on reservations with specic devices that support
NetApp FlexClone.
nTo restrict provisioning of cloud machines to a specic region containing a machine image that is
required for a specic blueprint.
nAs an additional means of using a Pay As You Go allocation model for machine types that support that
capability.
Note Reservations dened for vCloud Air endpoints and vCloud Director endpoints do not support the
use of network proles for provisioning machines.
You can add multiple reservations to a reservation policy, but a reservation can belong to only one policy.
You can assign a single reservation policy to more than one blueprint. A blueprint can have only one
reservation policy.
A reservation policy can include reservations of dierent types, but only reservations that match the
blueprint type are considered when selecting a reservation for a particular request.
Reservation policies provide an optional means of controlling how reservation requests are processed. You
can apply a reservation policy to a blueprint to restrict the machines provisioned from that blueprint to a
subset of available reservations.
Machine Blueprints
A blueprint that contains a machine component species the workow used to provision a machine and
includes information such as CPU, memory, and storage. Machine blueprints specify the workow used to
provision a machine and include additional provisioning information such as the locations of required disk
images or virtualization platform objects. Blueprints also specify policies such as the lease period and can
include networking and security components such as security groups, policies, or tags.
A machine blueprint typically refers to a blueprint that contains only one machine component and the
associated security and networking elements. It can be published as a standalone blueprint and made
available to users in the service catalog. However, published machine blueprints also become available for
reuse in your design library, and you can assemble multiple machine blueprints, along with Software
components and XaaS blueprints, to design elaborate application blueprints for delivering catalog items that
include multiple machines, networking and security, software with full life cycle support, and custom XaaS
functionality to your users.
Foundations and Concepts
30 VMware, Inc.
An example of a standalone virtual machine blueprint might be one that species a Windows 7 developer
workstation with one CPU, 2 GB of memory, and a 30 GB hard disk. A standalone cloud machine blueprint
might specify a Red Hat Linux web server image in a small instance type with one CPU, 2 GB of memory,
and 160 GB of storage.
Blueprints can be specic to a business group or shared among groups in a tenant, depending on the
entitlements that are congured for the published blueprint .
You can add custom properties to a machine component in a blueprint to specify aributes of a machine or
to override default specications. You can also add property groups as a convenience for specifying multiple
custom properties.
Machine Leases and Reclamation
IaaS provides two mechanisms for controlling resource use and controlling costs. Leases provide access to a
machine for a limited period. By using the reclamation process, a tenant administrator can identify
underused resources and reclaim them from their owners.
Machine Leases
A blueprint can optionally dene a lease duration for machines provisioned from that blueprint.
If a blueprint does not specify a lease period, machines are provisioned from that blueprint with no
expiration date. If a blueprint species a single value for lease duration, machines are provisioned from that
blueprint with an expiration date based on the blueprint lease duration. The expiration date is calculated
from the time of the request, not from when the machine is provisioned.
If a blueprint species a range of possible lease durations, a user can select the desired lease duration within
that range when submiing the machine request. Machine requests can be subject to approval based on the
requested lease duration.
When a machine lease expires, the machine is powered o. When the archive period expires, the machine is
destroyed. You can reactivate an archived machine by seing the expiration date to a date in the future to
extend its lease, and powering it back on.
You can send notication emails to alert machine owners and business group managers that a machine's
lease is about to expire and again when the lease expires.
Users can be entitled to request a lease extension at any time before it expires. A business group manager or
support user can also change the expiration date for a machine after it is provisioned.
Reclamation Overview
Tenant administrators can use metrics such as low CPU use, low memory use, or low hard disk use to
reclaim virtual machines in their tenant and help control resources.
You can use the basic metrics provided by vRealize Automation to sort and lter metrics information for all
of your machines, or you can congure a vRealize Operations Manager endpoint to provide metrics and
health badges for your vSphere virtual machines.
You can use the metrics to identify underused machines that might be candidates for reclamation. Select the
candidate machines and send a reclamation request to the owners of the machines. The machine owner has
a xed period of time to respond to the request. If the machine is still in use, the owner can stop the
reclamation process and continue using the machine. If the machine is no longer needed, the owner can
release the machine for reclamation, in which case the machine lease is ended. If the owner does not respond
in a timely manner, a lease determined by the administrator is imposed. If the owner continues to take no
action, the machine is powered o on the new expiration date, the machine is reclaimed, and the resources
are freed.
Foundations and Concepts
VMware, Inc. 31
Scaling and Reconfiguring Deployments
You can scale provisioned deployments to adjust to changing workload demands. You use the scale in or
scale out actions for horizontal scale, and the machine recongure action for vertical scale. You govern scale
and recongure actions by using entitlements, approval policies, or by designing constraints directly into
blueprints.
Scale In or Scale Out
After you provision a deployment, you can adjust to changing workload demands by increasing or
decreasing the number of instances of virtual or cloud machines in your deployment. For example, you
deployed a three-tiered banking application with a clustered application server node, a database node, and a
load balancer node. Demand increases, and you nd that the two instances of your application server node
cannot handle all the trac. Because your blueprint supports up to ten instances of the application server,
and you are entitled to scale actions, you can scale out your application. You navigate to your provisioned
application item in vRealize Automation and select the scale out action to add another instance of your
application server node to the deployment. vRealize Automation provisions a new machine, installs the
application software component, and updates your load balancer so your application can handle the
increased demands.
If demand decreases, you can scale the deployment in. The newest machines and software components are
destroyed rst, and your networking and security components are updated so that your deployed
application isn't using any unnecessary resources.
Table 9. Support for Scalable Components
Component Type
Suppor
ted Notes
Machine components Yes Scale out provisions additional instances of your machines, and scale in
destroys machines in last in, rst out order.
Software components Yes Software components are provisioned or destroyed along with machines
that are scaled, and the update life cycle scripts are run for any software
components that depend on the scaled machine components.
Networking and security
components
Yes Networking and security components, including NSX load balancers,
security groups and security tags, are updated for the new deployment
conguration.
Scaling impacts the network and security, including load balancer, seings
for the deployment. When you scale in or scale out a deployment that
contains one or more nodes, the associated NSX networking components are
updated. For example, if there is an on-demand NAT networking
component associated with the deployment, the NAT rules are updated in
accordance with the scaling request.
When you scale in or scale out a deployment that contains an associated
load balancer, the load balancer is automatically congured to include
newly added machines or to stop load balancing machines that are targeted
for tear down.
When you scale out a deployment that contains a load balancer, secondary
IP addresses are added to the load balancer. Depending on whether you
scale in or scale out, virtual machines are added or removed from the load
balancer and saved or removed in the IaaS database.
Foundations and Concepts
32 VMware, Inc.
Table 9. Support for Scalable Components (Continued)
Component Type
Suppor
ted Notes
XaaS components No XaaS components are not scalable and are not updated during a scale
operation. If you are using XaaS components in your blueprint, you could
create a resource action for users to run after a scale operation, which could
either scale or update your XaaS components as required. Alternatively, you
could disable scale by conguring exactly the number of instances you want
to allow for each machine component.
Nested blueprints Yes Supported components in nested blueprints might only update if you create
explicit dependencies to scaled machine components. You create explicit
dependencies by drawing dependency lines on the design canvas.
When you scale out a deployment, vRealize Automation allocates the requested resources on the current
reservation before proceeding. If the scale is partially successful, and fails to provision one or more items
against those allocated resources, the resources are not deallocated and do not become available for new
requests. Resources that are allocated but unused because of a scale failure are known as dangling resources.
You can try to repair partially successful scale operations by aempting to scale the deployment again.
However, you cannot scale a deployment to its current size, and xing a partially successful scale this way
does not deallocate the dangling resources. You can view the request execution details screen and nd out
which tasks failed on which nodes to help you decide whether to x the partially successful scale with
another scale operation. Failed and partially successful scale operations do not impact the functionality of
your original deployment, and you can continue to use your catalog items while you troubleshoot any
failures.
For a clustered deployment, in which the deployment created from a blueprint contains more than one VM,
scaling fails if the blueprint uses a hostname custom property but does not contain a machine prex value.
To avoid this issue, you can use the machine prex option in the blueprint denition. Otherwise, the scaling
function aempts to use the same hostname seing for each VM in the cluster.
Scale Up or Scale Down By Using Reconfigure
After you provision a vSphere, vCloud Air, or vCloud Director virtual or cloud machine you can adjust to
changing workload demands by requesting a machine recongure to increase (scale up) or decrease (scale
down) machine resource specications for CPU, memory, storage, or networks. You can also add, edit, or
remove custom properties and change descriptions. You can request to recongure machines for scale up or
scale down that are in the On or O state.
When you recongure a virtual or cloud machine for scale up, vRealize Automation allocates the requested
resources on the current reservation before proceeding. If the resources are not available, the machine
recongure fails. If a machine recongure request fails, any resources allocated for scale up are deallocated
and available for new requests. When you recongure a virtual or cloud machine for scale down, resources
are not made available to new requests unless the recongure nishes successfully.
Table 10. Required Entitlements for Machine Reconfigure for Scaling Scenarios ( vSphere , vCloud Air ,
and vCloud Director only
Virtual or Cloud Machine Owner wants to... Required Entitlements
Run the recongure for scaling immediately after any
required approvals are given.
Recongure
Specify a date and time to run the reconguration for
scaling.
Recongure
Reschedule a recongure for scaling because the request
was not approved until after the scheduled time.
Recongure
Retry a failed recongure request. Execute recongure
Foundations and Concepts
VMware, Inc. 33
Table 10. Required Entitlements for Machine Reconfigure for Scaling Scenarios ( vSphere , vCloud Air ,
and vCloud Director only (Continued)
Virtual or Cloud Machine Owner wants to... Required Entitlements
Cancel a failed recongure request. Cancel recongure
Cancel a scheduled recongure request. Cancel recongure
XaaS Blueprints and Resource Actions
XaaS architects can use the XaaS options to create blueprints and publish them to the service catalog. They
can also create and publish post-provisioning operations that the consumers can perform on provisioned
items.
Creating XaaS Blueprints and Actions
By using the XaaS blueprints and resource actions, you dene new provisioning, request, or action oerings
and publish them to the common catalog as catalog items.
You can create XaaS blueprints and actions for either requesting or provisioning. The XaaS blueprints for
requesting do not provision items and provide no options for post-provisioning operations. Examples of
XaaS blueprints for requesting include blueprints for sending emails, generating reports, performing
complex calculations, and so on. For an XaaS blueprint, the result is a provisioned item. You can create a
custom resource so that you can access and manage the items on the Items tab.
To dene the XaaS specication, you create a blueprint and publish it as a catalog item. After you publish a
catalog item, you must include it in a service category. You can use an existing service or create one. A
tenant administrator or business group manager can entitle the whole service or only the catalog item to
specic users.
If you created a custom resource for a provisioned item, you can create resource actions to dene the post-
provisioning operations that the consumers can perform. You can also create resource actions for an item
that is provisioned by a source dierent from the XaaS blueprints, for example by IaaS. For this purpose,
rst you must create a resource mapping to dene the type of the catalog item.
Custom Resources
You must create a custom resource so that you can create an XaaS blueprint for provisioning with the option
to access and manage the provisioned items. Custom resources dene the items for provisioning, and you
can use them to dene post-provisioning operations that the consumers can perform.
You create a custom resource to dene a new type of provisioned item and map it to an existing
vRealize Orchestrator object type. vRealize Orchestrator object types are the objects exposed through the
APIs of the vRealize Orchestrator plug-ins. The custom resource is the output type of a blueprint workow
for provisioning and can be the input type for a resource action workow.
For example, if you have a running vCenter Server instance, and you also have the vCenter Server plug-in
that is congured to work with vRealize Orchestrator, all of the object types from the vCenter Server API are
exposed in vRealize Orchestrator. The vCenter Server plug-in exposes the vSphere inventory objects in the
vRealize Orchestrator inventory. The vSphere inventory objects include data centers, folders, ESXi hosts,
virtual machines and appliances, resource pools, and so on. You can perform operations on these objects.
For example, you can create, clone, or destroy virtual machines.
For more information about the vRealize Orchestrator object types exposed through the vCenter Server API,
see the vCenter Server Plug-In API Reference for vCenter Orchestrator.
Foundations and Concepts
34 VMware, Inc.
Resource Mappings
You create resource mappings between the vRealize Automation catalog resource type and the
vRealize Orchestrator inventory type to manage resources provisioned outside of XaaS.
For example, you might want to create an action so that users can take a snapshot of their Amazon
machines. For this action to work on an Amazon machine provisioned, the three components involved,
XaaS, vRealize Orchestrator, and IaaS, need a common language You create that common language by
adding a resource mapping in XaaS that runs a vRealize Orchestrator scripting action or workow to map
the IaaS Cloud Machine resource type to the vRealize Orchestrator AWS:EC2Instance inventory type.
vRealize Automation provides resource mappings, and the underlying vRealize Orchestrator script actions
and workows, for vSphere, vCloud Director, and vCloud Air machines.
XaaS Blueprints
An XaaS blueprint is a complete specication of a resource.
With XaaS blueprints, you publish predened and custom vRealize Orchestrator workows as catalog items
for either requesting or provisioning. Blueprints for requesting run workows with no provisioning and
provide no options for managing a provisioned item. Before you create a blueprint for provisioning, you
must map the workow output parameter as a custom resource. Then you can assign resource actions that
dene post-provisioning operations.
Resource Actions
You can create custom resource actions to congure the post-provisioning operations that the consumers can
perform.
To create post-provisioning operations, you must publish vRealize Orchestrator workows as resource
actions. To create a resource action for an item provisioned by using XaaS, you use a custom resource as an
input parameter for the workow. To create a resource action for an item that is provisioned by a source
dierent from XaaS, you use a resource mapping as an input parameter for the workow. When you entitle
the resource actions, they appear in the Actions drop-down menu of the provisioned items on the Items tab.
Designing Forms for XaaS Blueprints and Actions
The XaaS includes a form designer that you can use to design submission and details forms for blueprints
and resources actions. Based on the presentation of the workows, the form designer dynamically generates
default forms and elds you can use to modify the default forms.
You can create interactive forms that the users can complete for submission of catalog items and resource
actions. You can also create read-only forms that dene what information the users can see on the details
view for a catalog item or a provisioned resource.
As you create XaaS custom resources, XaaS blueprints, and resource actions, forms are generated for
common use cases.
Foundations and Concepts
VMware, Inc. 35
Table 11. XaaS Object Types and Associated Forms
Object Type Default Form Additional Forms
Custom resource Resource details form based on the
aributes of the vRealize Orchestrator
plug-in inventory type (read-only).
nNone
XaaS blueprint Request submission form based on the
presentation of the selected workow.
nCatalog item details (read-only)
nSubmied request details (read-only)
Resource action Action submission form based on the
presentation of the selected workow.
nSubmied action details (read-only)
You can modify the default forms and design new forms. You can drag elds to add and reorder them on
the form. You can place constraints on the values of certain elds, specify default values, or provide
instructional text for the end user who is completing the form.
Because of their dierent purposes, the operations you can perform to design read-only forms are limited
compared to the operations for designing submission forms.
Common Components
vRealize Automation includes several common components in addition to the service catalog and catalog
item sources such as Infrastructure as a Service and XaaS.
Notifications
You can send automatic notications for several types of events, such as the successful completion of a
catalog request or a required approval.
System administrators can congure global email servers that process email notications. Tenant
administrators can override the system default servers, or add their own servers if no global servers are
specied.
Tenant administrators select which events cause notications to be sent to users in their tenants. Each
component, such as the service catalog or IaaS, can dene events that can trigger notications, but none of
them are selected by default.
Each user can choose whether to receive notications. Users either receive all notications congured by the
tenant administrator or no notications, they do not have ne-grained control over which notications to
receive.
Some emails have links that users can use to respond to the notication. For example, a notication about a
request that requires approval can have one link for approving the request and one for rejecting it. When a
user clicks one of the links, a new email opens with content that is automatically generated. The user can
send the email to complete the approval.
Foundations and Concepts
36 VMware, Inc.
!
TEMPLATE
Configure an outbound mail
server to send notifications.
No
Yes
No
Users get the
notifications they want.
Edit the configuration files
that control IaaS notifications.
Enable notifications for
any events you want
to allow users to
receive updates for.
Configure an inbound mail
server to receive notifications.
Yes
Do you want users
to be able to respond
to notifications?
Do you want to
customize the
templates for IaaS
notifications?
Tell your users how to
subscribe to the
notifications you enabled.
Foundations and Concepts
VMware, Inc. 37
Branding
Each tenant can change the appearance of the vRealize Automation console and login pages.
System administrators control the default branding for all tenants. A tenant administrator can change the
branding of the portal including the login pages, logo, the background color, and the information in the
header and footer. If the branding for a tenant is changed, a tenant administrator can always revert back to
the system defaults.
Life Cycle Extensibility
The architecture of vRealize Automation is designed with extensibility in mind. To satisfy dierent
extensibility use cases, vRealize Automation oers a variety of conguration options and tools.
vRealize Automation Extensibility Options
vRealize Automation is a exible cloud management platform that enables customization and extensibility
at multiple levels.
VM VM VM
VM VM VM
VM VM VM
VM VM VM
VM VM VM
VM VM VM
1. Leverage existing and future infrastructure
Windows
amazon
web services
vmware
vCloud
Provider
vmware
vCloud
VMware
vSphere
Microsoft
Hyper-V
CITRIX
Xen
LINUX
Physical Virtual Cloud
vRealize Automation
vRealize Automation RESTAPI
Policy Management Design Center
Multi-vendor,
Multi-cloud
Advanced Services
Designer
5. Call vRealize Automation services
from existing applications
ServiceNow PMG Remedy
Homegrown service catalog
Compute Infrastructure (virtual, physical,
public cloud)
Software deployment methodologies
3. Integrate with
3rd party
management
systems
CMDB
DNS
IPAM
Load Balancers
Service Desk
Monitoring
Storage
Databases
Web Services
Etc.
4. Add new IT
services and
create new
day-2 operations
Storage as a
Service, Load
Balancing as a
Service, etc.
Backup a VM,
open a ticket or
a machine, etc.
vRealize
Orchestrator
IT Process
Automation
2. Configure business-
relevant services
Specify provisioning
methodology
Service entitlements
Custom properties
Resource reservations
Specify custom
machine/OS properties
Etc.
Leveraging Existing and Future Infrastructure
vRealize Automation provides support for many types of infrastructure and provisioning methods.
IaaS administrators can integrate with several infrastructure sources including virtual hypervisors, such as
vSphere, Hyper-V, KVM (RHEV), and so on, public clouds including VMware vCloud ® Air ™ and Amazon
AWS, and physical infrastructure.
Blueprint authors can control many machine options, including provisioning methods, by conguring
blueprints for various types of infrastructure.
Foundations and Concepts
38 VMware, Inc.
For a full list of supported infrastructure types and provisioning methods, see vRealize Automation Support
Matrix. For information about conguring infrastructure blueprints, see Conguring vRealize Automation.
Configuring Business-Relevant Services
The vRealize Automation console enables administrators to congure business- and user-specic policies
through a web-based user interface without writing any code.
These business policies include entitlements and approvals for the service catalog, resource reservation
policies for infrastructure, and many others.
For information about customization tasks that you can perform through the vRealize Automation console,
see Conguring vRealize Automation.
Using custom properties, machine blueprint authors can dene additional machine properties or override
their standard aributes for a variety of purposes.
For details about the use and conguration of custom properties, see Conguring vRealize Automation.
Extending vRealize Automation with Event-Based Workflows
You can use workow subscriptions to run vRealize Orchestrator workows based on events.
vRealize Automation provides event topics to which you can subscribe, triggering your custom
vRealize Orchestrator workows when an IaaS resource is provisioned or modied.
For more information, see Life Cycle Extensibility.
Integrating with Third-Party Management Systems
Provisioning or decommissioning a new machine, especially for mission-critical systems, typically requires
interacting with a number of dierent management systems, including DNS servers, load balancers,
CMDBs, IP Address Management and other systems.
Administrators can inject custom logic (known as workows) at various predetermined IaaS life cycle
stages. These IaaS workows can call out to vRealize Orchestrator for bi-directional integration with
external management systems.
For details about machine life cycle extensibility, see Life Cycle Extensibility.
Adding New IT Services and Creating New Actions
The XaaS enables XaaS architects to dene new services and new management operations on provisioned
resources.
vRealize Automation provides a range of management operations that you can perform on machines. Your
organization may nd it valuable to extend the default IaaS machine menus with new options, such as
creating a machine backup or running a security check.
It can also be benecial to expose entirely new services in the service catalog, so that users can automate
other initiatives directly via the portal. Service architects can create XaaS blueprints for storage-as-a-service,
networking services or virtually any kind of IT service by using XaaS.
For details about how to create new catalog items, see Conguring vRealize Automation.
Foundations and Concepts
VMware, Inc. 39
Calling vRealize Automation Services from External Applications
In some cases, organizations may want to interact with vRealize Automation programmatically rather than
via the vRealize Automation console.
For such scenarios, the vRealize Automation API provides a standardized, secured RESTful interface for
cloud access and interaction, controlled through business-aware policy for consumers such as users,
infrastructure, devices, and applications.
All blueprints, including the ones created via the XaaS, are automatically exposed through the
vRealize Automation API. For more details, see the vRealize Automation API Reference.
Distributed Execution
All core vRealize Automation workows are executed in a distributed execution environment.
The vRealize Automation runtime environment consists of one or more DEM Worker instances that can
execute any workow installed in the core engine. Additional Worker instances can be added as needed for
scalability, availability and distribution.
Skills can be used to associate DEMs and workows, restricting execution of a given workow to a
particular DEM or set of DEMs with matching skills. Any number and combination of skills can be
associated with a given workow or DEM. For example, workow execution can be restricted to a specic
datacenter, or to environments that support a specic API the workow requires. The vRealize Automation
Designer and the CloudUtil command-line tool provide facilities for mapping skills to DEMs and
workows.
For more information about distributed execution and working with skills, see Life Cycle Extensibility.
Foundations and Concepts
40 VMware, Inc.
Index
A
actions
overview 24
XaaS 34
allocating resources, reservations 29
approval policies 25
B
blueprints
machine 30
overview 7
XaaS 34
branding, defaults 38
business groups
overview 29
requirements 29
C
catalog, See service catalog
catalog items, overview 24
catalog services, overview 23
compute resources, overview 27
containers, uses 11
Containers, using the context-sensitive help
system 11
custom resources, overview 34
D
dangling resources, partially successful scale 32
data collection, overview 28
documentation, using scenarios 6
dynamic forms, XaaS 35
E
email server, notifications 36
entitlements, overview 24
examples, using scenarios 6
extensibility
API 40
business-relevant services 39
creating new machine actions 39
creating new services 39
distributed execution 40
infrastructure types 38
life cycle 38
overview of options 38
third-party systems 39
workflow subscriptions 39
F
fabric groups, overview 29
G
goal navigator, using 6
H
help, using scenarios 6
I
identity stores 13
infrastructure sources, overview 27
Infrastructure as a Service
fabric configuration flow 26
overview 9
overview chapter 25
IT Business Management Standard Edition,
overview 12
L
leases, overview 31
life cycle extensibility 38
M
machine blueprints, components 30
machine leases
expiration and archive periods 31
overview 31
machine prefix, default 29
machine reconfiguration, overview 32
mapping a resource to Orchestrator 34, 35
N
notifications, overview 36
O
on-demand services, overview 7
Orchestrator object types 34
overview, Software components 9
overview of, custom resources 34
P
personas 16
prefix, machine 29
VMware, Inc. 41
R
rainpole, using the rainpole scenario 6
reclamation
overview 31
reclaiming expired and underused
machines 31
reconfiguring machines, overview 32
reservation policies, configuring 30
reservations, allocating resources 29
resource actions
overview 35
See also actions
resource mapping 35
roles
tenant 20
See also user roles
S
scaling
overview of scale operations 32
partially successful scale 32
scenarios, using 6
service catalog
creating and publishing flow 23
overview 10
requesting and managing flow 23
services 23
Software components, overview 9
T
tenancy
default tenant 12
overview 12
single-tenant vs. multi-tenant 13
tenant, roles and responsibilities 20
tenants
group management 13
user management 13
Tenants, overview of tenancy and user roles
chapter 12
U
updated information 5
user and groups, overview 13
user roles
overview 16
system-wide roles 16, 17
tenant roles 18, 20
user roles and authentication 22
users, roles and personas 16
V
vRealize Automation, overview 6
X
XaaS
creating and publishing 34
form designer 35
overview 10
XaaS actions 34
XaaS blueprints, overview 35
Foundations and Concepts
42 VMware, Inc.

Navigation menu