vRealize Automation- Deploying and Configuring Identity Appliance


Setting up a vCAC (vRA) environment consists of 3 things:

1: Deploying and Configuring Identity Appliance

2: Deploying and configuring vRA Appliance (vCAC Server)

3: Deploying and Configuring IaaS Components

If you have missed the earlier posts of this series, I recommend reading them first before going ahead. You can access the earlier posts from the links below:

1: Introduction to vCAC (vRA)

In this post we will focus on installing and configuring the Identity Appliance.

What is Identity Appliance?

The VMware Identity Appliance is a virtual appliance for vCloud Automation Center (vCAC) that provides vCAC with single sign-on (SSO) authentication capabilities.

The Identity Appliance is available as an OVF template that can be deployed on top of vSphere. Depending on the infrastructure design, you can deploy a single instance of the Identity Appliance or multiple instances (for HA purposes).

Note: Identity Appliance is not a mandatory requirement if you are running vSphere v5.5 Update 1 or above in your environment. You can leverage the existing SSO functionality that is installed along with vCenter 5.5.

Hardware requirements

The minimum hardware required to run an Identity Appliance is listed below:

1 vCPU
2 GB RAM
2 GB HDD

Port requirements

The port requirements are summarized below.

Incoming ports:

[Image: incoming ports table]

Outgoing ports:

[Image: outgoing ports table]

Information on user accounts and privileges can be found here.

Let's jump into the installation now. In my home lab I have deployed the Identity Appliance in VMware Workstation. In production environments it is generally deployed on top of vSphere.

Go to the Home tab of VMware Workstation, click the “Open a Virtual Machine” option, and navigate to the path where your Identity Appliance OVF file was downloaded.

Accept the license agreement.

The ovf deployment will start after accepting the license agreement.

Once the OVF is deployed and the virtual machine has finished booting, you will see the appliance's console screen. You can go straight to configuring the Identity Appliance by opening https://Identity-app-IP:5480 in a browser.

In my lab, the Identity Appliance got the wrong IP because the NIC setting was pointing to bridged networking. I am using the NAT setting in my lab.

To correct or modify the network settings, log in to the VM from the console and run the command:

# /opt/vmware/share/vami/vami_config_net

This command presents a menu where you can choose options to change the desired network settings.

Once the network settings have been changed, reboot the appliance for the changes to take effect.

Configuring the Identity Appliance

1. Log in to https://vcac-id-app-ip:5480

2. Ignore the untrusted certificate warning.

3. Enter root as the username, and the password you defined during the OVA deployment.

4. Click on the Network tab, and confirm that your Hostname, Default Gateway, IP Address and DNS Server settings are correct.

5. Click on the SSO tab.

6. Enter and then re-enter a password to be used by the administrator@vsphere.local account and click the Apply button.

Note: SSO initialization takes some time (2-3 minutes). Don't interrupt the process before it has completed.

Once SSO is initialized, you will see “SSO is initialized” in green under “SSO Configuration” and also “SSO Status: RUNNING” below the password fields.

7. Click on the Host Settings tab.

8. In the SSO Host Name field, enter the FQDN of your Identity Appliance and click Apply.

Note: Don’t append :7444 to the end of the FQDN. I have seen some blogs which tell you to append 7444, but if you do this you will not be able to add SSO. I struggled with this for almost half an hour and then found in the official vCAC documentation that :7444 should not be used.

When in doubt, please refer to this link.

9. Click on the SSL tab.

Note: In this post we will be using self-signed certificates. If you want to use CA-signed certificates, please refer to this blog.

10. Change the “Choose Option” drop down to “Generate Self Signed Certificate”.

11. Enter the FQDN of your vCAC Identity Appliance in the Common Name field.

12. Enter an Organization value in the Organization field.

13. Enter an Organization Unit value in the Organization Unit field.

14. Enter a two digit Country Code in the Country Code field.

15. Click the Apply settings button.

You should now see “SSL Certificate is Replaced Successfully” in green under “Replace SSL Certificate”.

16. Click on the Active Directory tab.

17. Enter a Domain Name, Domain User and Password then click on Join AD Domain.

With this, the initial configuration of the Identity Appliance is complete. You will now be able to log in to the Identity Appliance using your domain credentials.
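
The walkthrough tells you to ignore the untrusted certificate warning and then installs a self-signed certificate, so nothing in the browser proves you are talking to your own appliance. The added example below (not part of the original post) shows one way to record the certificate's SHA-256 fingerprint once and compare it on later connections; all function names are assumptions made for illustration, and the sample "certificates" are constructed stand-in bytes, not real certificates.

```python
import hashlib
import hmac
import ssl


def fingerprint(pem: str) -> str:
    """SHA-256 of the certificate's DER bytes, as 64 lowercase hex digits."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def normalize(pin: str) -> str:
    """Accept 'AA:BB:...' or plain hex; reject anything that is not SHA-256 sized."""
    cleaned = pin.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def pin_matches(pem: str, pinned: str) -> bool:
    """True only if the presented certificate is the one that was pinned."""
    return hmac.compare_digest(fingerprint(pem), normalize(pinned))


def colon_form(pem: str) -> str:
    """Fingerprint in the 'AA:BB:...' form, convenient for noting down."""
    digest = fingerprint(pem).upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_certificate(host: str, port: int = 5480) -> str:
    """Fetch the PEM the appliance presents. No chain validation happens here,
    so only the fingerprint comparison decides whether to trust it."""
    return ssl.get_server_certificate((host, port))


# Constructed stand-in bytes (not real certificates) so the example runs offline.
SAMPLE_DER = b"constructed sample bytes standing in for the appliance certificate"
OTHER_DER = b"constructed sample bytes standing in for an unexpected certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
OTHER_PEM = ssl.DER_cert_to_PEM_cert(OTHER_DER)

if __name__ == "__main__":
    pinned = colon_form(SAMPLE_PEM)  # recorded once, over a trusted path
    print("pinned:", pinned)
    print("same certificate:", pin_matches(SAMPLE_PEM, pinned))
    print("different certificate:", pin_matches(OTHER_PEM, pinned))
```

Against a live appliance, pass the result of fetch_certificate() for your Identity Appliance's FQDN to pin_matches() together with a fingerprint recorded from the appliance console or another trusted path.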

In the next post of this series we will look into:

Installing and Configuring vRealize Appliance

Installing and Configuring IaaS Components

Tenant Configuration

Creating and Configuring vSphere Endpoints

Creating and Configuring Fabric Groups

Creating Business Groups and Reservations

Creating and Publishing Blueprints

Creating a Service

Creating Entitlements

Deploying a new VM from Self-Service Portal

About Alex Hunt

Hi All I am Manish Kumar Jha aka Alex Hunt. I am currently working in VMware Software India Pvt Ltd as Operations System Engineer (vCloud Air Operations). I have around 5 Years of IT experience and have exposure on VMware vSphere, vCloud Director, RHEL and modern data center technologies like Cisco UCS and Cisco Nexus 1000v and NSX. If you find any post informational to you please press like and share it across social media and leave your comments if you want to discuss further on any post. Disclaimer: All the information on this website is published in good faith and for general information purpose only. I don’t make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information you find on this blog is strictly at your own risk. The Views and opinions published on this blog are my own and not the opinions of my employer or any of the vendors of the product discussed.