vRealize Automation ICM Flashcards
What can vRA do?
It can automate the deployment of infrastructure components (such as vms, apps, and services)
It can also automate collaboration between multiple cloud providers
Why don’t you have to be a programmer to consumer vRA?
You don’t have to be a programmer because vRA automates the placement of software and objects in an environment
What business cases does vRA solve ?
- ability to manage multiple cloud infrastructure from one interface
- Achieve IaaS, SaaS, ZaaS
- Decrease organization inefficiencies to app deployment
What are the components of vRA?
- Cloud Assembly
- Service Broker
- Code Stream
- vRealize Orchestrator
What does cloud assembly do?
- Setups basic cloud infra by pulling in cloud accounts from VMware on AWS, VMware Azure , etc
- Infra as code templates are contained her and can be used by teams
- Kubernetes integration support for native kubes, vSphere with Tanzu, and pivotal container service
- marketplace access for ready-made templates for cloud templates
- vm templates
What is the function of service broker in vRA?
- Gathers info from multiple sources into a single catalog for users
- Where the self-service catalog is located
What are the benefits of VMware Cloud services
- 45 day free trial
- no need to patch, upgrade, or monitor vRA
- earlier access to new features
- single view across multiple clouds and data centers
- chat support available if an org has production support
vRealize Automation On Prem vs vRealize Automation Cloud
Who vRealize Automation on Prem is for:
- existing vRealize Customer
- org that needs a large big cloud management solution
- a business that can’t use SaaS because of security and compliance reqs
- Entities dependent on-prem tools such as service desk IPAM and physical load balancers
Who vRealize cloud is for:
- orgs new to vRealize suite
- small IT orgs
- Orgs that have adopted SaaS strategy
- Orgs that need fast provision and deployment of a cloud infrastructure
What is the vRealize Cloud Universal Licensing Model
- it is the hybrid bundling on prem and SaaS vRealize suite products
What are the benefits of the vRealize Cloud Universal licensing model?
- Since on prem and Saas vRealize Suite licenses can be bundled together, it removes the need for separate licenses to manage vRealize suite products
- can monitor on prem and cloud products from one single pane via self service catalog
How can vRa be deployed?
It cann be deployed as a standard deployment or a clustered infrastructure
What is a VRA standard deployment for?
- Only meant for POC and testing
* has no HA feature(if appliance fails there is no failover mechanism to support high availability
What are the components of vRA standard deployment?
- vRealize suite lifecycle management
- VMware identity Manager
- vRealize Appliance
What are all components in the standard vRA architecture deployment based on?
Photon OS
What is the order of installation for a vRA standard deployment architecture?
- vRealize Suite Lifecycle Manager suite is installed
2. vIDM and vRA appliance installed
What is a clustered vRA architecture deployment used for?
- It is used for production environments and large enterprises
Why is a clustered vRA deployment better than a standard vRA deployment?
*has high availability to provide infrastructure redundancy
What are the required components of a clustered vRA architecture deployment?
*load balancers to support vIDM instance and vRA instances
*lifecycle manager
*3 nodes for vIDM cluster
3 nodes for vRA cluster
How would you scale if you started with a vRA standard deployment and wanted to migrate to a vRA clustered department?
Go to vRSLCM options and scale out additional nodes, loadbalancers for vIDM and vRA clusters
What are the steps to install vRA?
- Go to downloads.vmware.com
- download the easy installer iso
- mount the easy installer iso to a guest os
- run the easy installer executable
- follow easy installer prompts
- Once installation is complete there will be 3 vms (vRealize suite Lifecycle manger, vIDM, and vRA > can scale vIDM and vRA clusters to 3 nodes from this point
Can vRA be a standalone appliance?
vRA cannot be a standalone appliance because all 3 components (vrslcm, vidm, and vra) must work together
What does vRSLCM do?
- automates the deployment of vIDM and vRA
* helps to patch and upgrade vREalize suite products passwords, user account management, certificate managemen
What does vIDM do?
*provide authentication mechanism for vRealize suite products, vRA appliance
How does the vIDM authentication process work? (simplistic overview)
- someone logs into vRA console or vrealize suite product
- request is sent to vIDM
- vIDM authenticates user’s username and password against an AD or LDAP
- If the user’s account information and ad/ldap privileges match…then an SAML token is issued
- The SAML token is given to console/app that the user requested access to
- user now has access
What is the purpose of the vRA appliance (simplistic overview)?
The vRA appliance provides the services that are needed to support vRealize infrastructure and products
What is the vRealize Automation Appliance Powered By?
Photon OS
What do all vRA services run as?
Kubernetes PODs
How did vRA services run before 8.x?
- SUSE based environment from port 5408
What commands have to be used in vRA?
kubectl
What does rabbitMQ do?
Exchanges information between pods and is also a pod
Can Microsoft SQL be used with a vRA appliance?
No, can only use Postgre SQL
What are the steps to run kubernetes on a vRA appliance?
- vRA powered on
- Docker is installed and kubernetes clusters are configured
- images are taken from private registry and deploy PODs
- vREalize Automation services are running as PODs
What is helm?
Where images are pulled (private registry) for containers
what runs inside kubernetes PODs?
containters
What kind of containers are used in vRA?
Docker
What are the components of a postgres POD?
- data is stored within as a file mount
How many containers can a POD have?
many
What is a file mount ?
persistent storage
what is contained within the vco-app pod?
three containers : control center app, vco app (orchestrator services), vco-polygot-support (for multiple programming languages)
What is a namespace?
allocation of resources to a user in order to allow them to run kubernetes services
what happens with the “kubectl describe POD” command?
How running containers in a POD can be viewed
what happens with the “kubectl get PID” command?
how you view running PODs
What happens with the “kubectl get services ~ namespace” command?
provides networking for a POD
what does the ‘kubectl get deployments ~namespace’ command do?
decides the replica set and the services required to be running for a set of containers. If POds fail it ensures another with the same roles and services is brought back online
What are the steps to use the vRealize Automation Easy Installer?
- Download the vRealize Easy Installer ISO
- Mount the ISO and run the executable
- vRLCM is deployed and configured
- vRLSCM installs vIDM
- vRLSCM install vRealize automation
- vRealize automation is configured and running
Do vRLSCM, vIDM, and vRA share the same datastore?
Yes
FIPS compliance can be placed on
vRSLCM
The installation of vIDM with the vRA easy installer can be __
skipped and later, manually setup
An existing instance of vIDM can be ____
Imported with the easy installer
What is the default size for vIDM?
medium, 8 vCPUs 16gb RAM 60 GB of storage
What is the size of a large vIDM?
12 cpu 24 GB of RAM
How can all members of an AD added to vIDM be synchronized?
check the “sync group members to the directiory when adding group: setting when at the vIDm step in the easy installer
What are the default sizes for the vRA appliance?
medium, extra large,
What is the automatic default size of vRA?
medium; 12 cpus, 40 gb ram
what happns after vrslcm is installed?
vidm and vra binaries are moved to deploy vIDM and vRA (vidm.ova and vra.ova)
if a vRA installation fails, where should you go?
- “installer log location C:"
* Go to lifecycle manager ui/fqdn and sign in with default credentials used during installation of vrslcm
What can vRA quickstart be used for?
to quickly setup the vRA appliance
What will vRA quickstart allow you to do ?
allows you to pull in vCenter instances , NSX
What is vRA quickstart best for?
A quick proof of concept
What is the minimum resource requirement for vRSLCM?
2 vCPU, 6 GB, 78 gb
What is the minimum system resource requirement for vIDM
8 vCPU 16 GB 60 GB
What is the minimum resource requirement for the vRA appliance?
12 vCPU 42 GB 236 GB
What are the two configuration options for vRealize easy installer configurations
- common configs
- appliance-specific configs
*
What configuration options are avaiable at the vRealize Easy Installer screen?
- Target vCenter Server System
- Target data center or VM folder
- Target compute resources
- Target datastore
- Common network settings
- Common password
At the vRealize suite Lifecycle Manager Configuration setup page what options are present?
- data center name
- vCenter name
- disk size
- FIPS complianception
- Virtual Machine settings
- Ip address settings for appliance
- host name for appliance
At the identity manager configuration page, what options are available?
- vRA environment name
- license key
-FIPs compliance settings - node size
- vm name
- ip address
hostname
-internal pods and services configuration customization option for k6s cluster IP range - option to skip vRA installation
-option to do standard or clustered deployment
option to select custom certificates and load balancers if clustered deployment is chosen
What is the difference between authentication and authorization
Authentication confirms identitym verifies ab object or person is who they say they are, requires login credentials while authorization determines what an objecct or person has access to, grants permissions to resources, requires user roles
How does identity manager work?
- identity service send a request to vidm via url
- the vIDM appliance validates the user’s credentials against an org ad
- If user credentials match their authorization in AD, then user gains access to vRA console
How does vIDM run?
As a kubernetes POD
What makes the vIDM kubernetes pod different from other POD services (in respect to architecture)?
- it runs vIDM services
- it has a FQDN and pull number required for communication with vRA
What is the database for vIDM?
Identity-db
What does vidm’s identity-db do?
It is a database that keeps a user’s login request (after they attempt to login into the vRA appliance) so that vIDM can query the user’s credentials against a connected AD/LDAP to gauge access
What does vIDM manage?
- user authentication
- access policies
- user resource entitlements
How do you login to vIDM?
via the default configuration admin user credentials specified during the installation of vIDM
What three directory types are supported by vIDM?
- active directory over LDAP
- active directory integrated windows
- Openlad directory
How do you see the current directories connected to vIDM?
go to vIDM’s FQDN > select identity and access management > select directories
What is the integrated windows authentication designed for?
- active directories with a forest architecture
You integrate a new directory to vIDM by going to:
FQDN of vIDM > identity access and management > directories > add directory > put directory name > select authentication options > select directory search attribute > input bind user details
what is a domain another name for in relation to vIDM?
forest
LDAP = _ FOREST, intergrated windows = _ forest
1, multi
What is the mechanism that connects a vIDM directory to an org’s active directory
a connector (sync connector)
what are the features of vIDM?
- access policies
- support for multiple user authentication methods
- two factor authentication can also incorporate mobile SSO or VMware verify
- password recovery assistant
- just in time user provision
what does it mean to map attributes in vIDM?
it means you select the attributes that are synchronized between an org’s AD and vIDM
Are all attributes between an AD and vIDM required to be mapped?
No, some attributes are required and some are optional
Can required attributes be changed?
Yes
What are the attributes that can be mapped between an AD and vIDM?
- lastName
- firstName
- userName
- phone
- disabled
What attributes are required to be defined between an AD and vIDM?
- lastname
- firstname
- username
How do you synchronize AD groups to vIDM?
after vIDM mapping page > specify the group under “specify the group DNs”
What members of an AD group group will be synchronized with vIDM?
members of the group that are OU
When you click “sync nested group members” on the “select the groups you want to sync page”, what happens?
all nested members of a selected group are synchronized (regardless if they are OU or not )
What does do access policies mean in relation to vIDM?
conditional access for users by a set criteria. Ex. only allow logins from this user when they are on a specific network address
What is the password recovery assistant feature in vRA?
Can configure a “forgot password” prompt so that users can set a new password when they forget their current one
What tabs will a default config admin for vRA have access to in the vRA console ?
- services
- identity and access management
- branding
By default, How many vRealize orgs can correlate with one vRA environment?
1
How can you edit the organization associated with a vRA environment?
By going to the vRA console > right clicking the org > view organizations > click “edit”
How do you change the banner design shown in the vRA Automation cloud service console?
go to branding > header
What are roles in vRA categorized as?
organization roles or service roles
What is the simplified process to install vRA
- Download the vRealize Easy Installer ISO
- Mount the ISO and run the executable
- vRSLCM is deployed and configured
- vRSLCM installs vIDM
- vRSLCM installs vRealize Automation
- vRealize Automation is configured and deployed
Are all vRA appliances placed on the same datastore?
Yes
What is the default node size for a (medium) vIDM deployment?
- 8 vCPUs
- 16GB RAM
- 60 GB of storage
What is the node size for a large vIDM appliance?
- 12 vCPU
* 24 gb of RAM
What happens when you add an Active directory into vIDM by checking “sync group members to the directory when adding group” during vIDM deployment ?
All members of the AD are synchronized to vIDM
What is the default size for the vRA appliance?
Medium,
- 12 vCPUs
- 40 gb Ram
Where fo you go first if vRSLCM fails to install?
- “installer log location C:"
* click lifecycle manager’s UI link > enter “admin” & “password” > lifecycle operations > requests
What is another name for vIDM in vRSLCM?
globalenvironment
What happens if an vRSLCM installation fails and a vRA appliance currently exists?
- The easy installer can not be restarted
* Troubleshooting must start with vRSLCM log review
Can a basic cloud template be created with vRA quickstart?
Yes
What settings are included in configuration options for vRSLCM?
- data center name
- vCenter name
- disk size
- FIPs compliance
- virtual machine
- IP address
- hostname
What settings are included in the configuration options for vIDM?
- option to skip vIDM installation
- option to import vIDM installation
- option to create a new installation of vIDM
- VM names
- IP addresses
- hostname
- default configuration admin
- default configuration email
- node size
- “sync groups to the directory when adding group” setting
What settings are included in the configuration options for vRealize Automation?
- vRA environment name
- license key
- FIPS Compliance settings
- Node size
- VM name
- IP address
- hostname
- internal pods and services customization for k8s cluster IP range settings
- option to skip vRA installation
- option to perform clustered or single node deployment
- option to add custom certificates and load balancers needed to support clustered deployment
How do you monitor the progress of vRSLCM setup for vRSLCM, vIDM, and vRA appliances?
via vRSLCM > Requests
What will vRSLCM do after its initial creation?
It will create the global environment (vIDM) and vRA environment
Why is vIDM also called the global environment?
Because only vIDM can authenticate across vRealize suite products
How would you initiate vRA quickstart if it is not initially used in the deployment of vRSLCM?
You would go to the FQDN/IP of the vRealize appliance
What can vRA Quickstart be used for?
- set up an on-prem SDDC
- Populate the self service catalog
- deploy 1st cloud template
Authentication vs Authorization
Authentication confirms who you are, what you have access to via credentials while authorization determines what you have access to, grants permissions to network resources, and requires the associate of roles to credentials/identity
How does vIDM run?
As a kubernetes service pod
What happens when a user logs into vRA?
- the identity service send the user’s request to vDIM (url)
- The vIDM appliance takes the user’s associated credentials from the request and compares it against an org’s active directory
- If the user’s credentials are found in the active directory, the vIDM hands over a key to the vRA console
- The key is accepted by vRA and the user can access the vRA console
what is the identity-app pod?
- It is a kubernetes POD on the vIDM appliance that runs vIDM services.
- It stores the FQDN and pull number vRA needs to communicate to vIDM
- It redirects login requests to vRealize suite services to vIDM
What is the identity-db pod?
- It is a kubernetes pod that runs on the vIDM appliance
- It stores a database for vIDM that is used to store a user’s login request so that vIDM can validate the users identity in an associated active directory
What account is used to log into vIDM?
the default configuration admin that was configured during the deployment of vIDM
What does vIDM use to validate and manage user access?
- user authentication
- access policies
- user entitlements
How do you configure or review active directories connected to vIDM?
go to vIDM UI > select “active directory”