vRealize Automation ICM

Question 1

What can vRA do?

Answer 1

It can automate the deployment of infrastructure components (such as vms, apps, and services)

It can also automate collaboration between multiple cloud providers

Question 2

Why don’t you have to be a programmer to consumer vRA?

Answer 2

You don’t have to be a programmer because vRA automates the placement of software and objects in an environment

Question 3

What business cases does vRA solve ?

Answer 3

• ability to manage multiple cloud infrastructure from one interface
• Achieve IaaS, SaaS, ZaaS
• Decrease organization inefficiencies to app deployment

Question 4

What are the components of vRA?

Answer 4

• Cloud Assembly
• Service Broker
• Code Stream
• vRealize Orchestrator

Question 5

What does cloud assembly do?

Answer 5

• Setups basic cloud infra by pulling in cloud accounts from VMware on AWS, VMware Azure , etc
• Infra as code templates are contained her and can be used by teams
• Kubernetes integration support for native kubes, vSphere with Tanzu, and pivotal container service
• marketplace access for ready-made templates for cloud templates
• vm templates

Question 6

What is the function of service broker in vRA?

Answer 6

• Gathers info from multiple sources into a single catalog for users
• Where the self-service catalog is located

Question 7

What are the benefits of VMware Cloud services

Answer 7

• 45 day free trial
• no need to patch, upgrade, or monitor vRA
• earlier access to new features
• single view across multiple clouds and data centers
• chat support available if an org has production support

Question 8

vRealize Automation On Prem vs vRealize Automation Cloud

Answer 8

Who vRealize Automation on Prem is for:

• existing vRealize Customer
• org that needs a large big cloud management solution
• a business that can’t use SaaS because of security and compliance reqs
• Entities dependent on-prem tools such as service desk IPAM and physical load balancers

Who vRealize cloud is for:

• orgs new to vRealize suite
• small IT orgs
• Orgs that have adopted SaaS strategy
• Orgs that need fast provision and deployment of a cloud infrastructure

Question 9

What is the vRealize Cloud Universal Licensing Model

Answer 9

• it is the hybrid bundling on prem and SaaS vRealize suite products

Question 10

What are the benefits of the vRealize Cloud Universal licensing model?

Answer 10

• Since on prem and Saas vRealize Suite licenses can be bundled together, it removes the need for separate licenses to manage vRealize suite products
• can monitor on prem and cloud products from one single pane via self service catalog

Question 11

How can vRa be deployed?

Answer 11

It cann be deployed as a standard deployment or a clustered infrastructure

Question 12

What is a VRA standard deployment for?

Answer 12

• Only meant for POC and testing

* has no HA feature(if appliance fails there is no failover mechanism to support high availability

Question 13

What are the components of vRA standard deployment?

Answer 13

• vRealize suite lifecycle management
• VMware identity Manager
• vRealize Appliance

Question 14

What are all components in the standard vRA architecture deployment based on?

Answer 14

Photon OS

Question 15

What is the order of installation for a vRA standard deployment architecture?

Answer 15

1. vRealize Suite Lifecycle Manager suite is installed

2. vIDM and vRA appliance installed

Question 16

What is a clustered vRA architecture deployment used for?

Answer 16

• It is used for production environments and large enterprises

Question 17

Why is a clustered vRA deployment better than a standard vRA deployment?

Answer 17

*has high availability to provide infrastructure redundancy

Question 18

What are the required components of a clustered vRA architecture deployment?

Answer 18

*load balancers to support vIDM instance and vRA instances
*lifecycle manager
*3 nodes for vIDM cluster
3 nodes for vRA cluster

Question 19

How would you scale if you started with a vRA standard deployment and wanted to migrate to a vRA clustered department?

Answer 19

Go to vRSLCM options and scale out additional nodes, loadbalancers for vIDM and vRA clusters

Question 20

What are the steps to install vRA?

Answer 20

1. Go to downloads.vmware.com
2. download the easy installer iso
3. mount the easy installer iso to a guest os
4. run the easy installer executable
5. follow easy installer prompts
6. Once installation is complete there will be 3 vms (vRealize suite Lifecycle manger, vIDM, and vRA > can scale vIDM and vRA clusters to 3 nodes from this point

Question 21

Can vRA be a standalone appliance?

Answer 21

vRA cannot be a standalone appliance because all 3 components (vrslcm, vidm, and vra) must work together

Question 22

What does vRSLCM do?

Answer 22

• automates the deployment of vIDM and vRA

* helps to patch and upgrade vREalize suite products passwords, user account management, certificate managemen

Question 23

What does vIDM do?

Answer 23

*provide authentication mechanism for vRealize suite products, vRA appliance

Question 24

How does the vIDM authentication process work? (simplistic overview)

Answer 24

1. someone logs into vRA console or vrealize suite product
2. request is sent to vIDM
3. vIDM authenticates user’s username and password against an AD or LDAP
4. If the user’s account information and ad/ldap privileges match…then an SAML token is issued
5. The SAML token is given to console/app that the user requested access to
6. user now has access

Question 25

What is the purpose of the vRA appliance (simplistic overview)?

Answer 25

The vRA appliance provides the services that are needed to support vRealize infrastructure and products

Question 26

What is the vRealize Automation Appliance Powered By?

Answer 26

Photon OS

Question 27

What do all vRA services run as?

Answer 27

Kubernetes PODs

Question 28

How did vRA services run before 8.x?

Answer 28

• SUSE based environment from port 5408

Question 29

What commands have to be used in vRA?

Answer 29

kubectl

Question 30

What does rabbitMQ do?

Answer 30

Exchanges information between pods and is also a pod

Question 31

Can Microsoft SQL be used with a vRA appliance?

Answer 31

No, can only use Postgre SQL

Question 32

What are the steps to run kubernetes on a vRA appliance?

Answer 32

1. vRA powered on
2. Docker is installed and kubernetes clusters are configured
3. images are taken from private registry and deploy PODs
4. vREalize Automation services are running as PODs

Question 33

What is helm?

Answer 33

Where images are pulled (private registry) for containers

Question 34

what runs inside kubernetes PODs?

Answer 34

containters

Question 35

What kind of containers are used in vRA?

Answer 35

Docker

Question 36

What are the components of a postgres POD?

Answer 36

• data is stored within as a file mount

Question 37

How many containers can a POD have?

Answer 37

many

Question 38

What is a file mount ?

Answer 38

persistent storage

Question 39

what is contained within the vco-app pod?

Answer 39

three containers : control center app, vco app (orchestrator services), vco-polygot-support (for multiple programming languages)

Question 40

What is a namespace?

Answer 40

allocation of resources to a user in order to allow them to run kubernetes services

Question 41

what happens with the “kubectl describe POD” command?

Answer 41

How running containers in a POD can be viewed

Question 42

what happens with the “kubectl get PID” command?

Answer 42

how you view running PODs

Question 43

What happens with the “kubectl get services ~ namespace” command?

Answer 43

provides networking for a POD

Question 44

what does the ‘kubectl get deployments ~namespace’ command do?

Answer 44

decides the replica set and the services required to be running for a set of containers. If POds fail it ensures another with the same roles and services is brought back online

Question 45

What are the steps to use the vRealize Automation Easy Installer?

Answer 45

1. Download the vRealize Easy Installer ISO
2. Mount the ISO and run the executable
3. vRLCM is deployed and configured
4. vRLSCM installs vIDM
5. vRLSCM install vRealize automation
6. vRealize automation is configured and running

Question 46

Do vRLSCM, vIDM, and vRA share the same datastore?

Answer 46

Yes

Question 47

FIPS compliance can be placed on

Answer 47

vRSLCM

Question 48

The installation of vIDM with the vRA easy installer can be __

Answer 48

skipped and later, manually setup

Question 49

An existing instance of vIDM can be ____

Answer 49

Imported with the easy installer

Question 50

What is the default size for vIDM?

Answer 50

medium, 8 vCPUs 16gb RAM 60 GB of storage

Question 51

What is the size of a large vIDM?

Answer 51

12 cpu 24 GB of RAM

Question 52

How can all members of an AD added to vIDM be synchronized?

Answer 52

check the “sync group members to the directiory when adding group: setting when at the vIDm step in the easy installer

Question 53

What are the default sizes for the vRA appliance?

Answer 53

medium, extra large,

Question 54

What is the automatic default size of vRA?

Answer 54

medium; 12 cpus, 40 gb ram

Question 55

what happns after vrslcm is installed?

Answer 55

vidm and vra binaries are moved to deploy vIDM and vRA (vidm.ova and vra.ova)

Question 56

if a vRA installation fails, where should you go?

Answer 56

• “installer log location C:"

* Go to lifecycle manager ui/fqdn and sign in with default credentials used during installation of vrslcm

Question 57

What can vRA quickstart be used for?

Answer 57

to quickly setup the vRA appliance

Question 58

What will vRA quickstart allow you to do ?

Answer 58

allows you to pull in vCenter instances , NSX

Question 59

What is vRA quickstart best for?

Answer 59

A quick proof of concept

Question 60

What is the minimum resource requirement for vRSLCM?

Answer 60

2 vCPU, 6 GB, 78 gb

Question 61

What is the minimum system resource requirement for vIDM

Answer 61

8 vCPU 16 GB 60 GB

Question 62

What is the minimum resource requirement for the vRA appliance?

Answer 62

12 vCPU 42 GB 236 GB

Question 63

What are the two configuration options for vRealize easy installer configurations

Answer 63

• common configs
• appliance-specific configs
  *

Question 64

What configuration options are avaiable at the vRealize Easy Installer screen?

Answer 64

• Target vCenter Server System
• Target data center or VM folder
• Target compute resources
• Target datastore
• Common network settings
• Common password

Question 65

At the vRealize suite Lifecycle Manager Configuration setup page what options are present?

Answer 65

• data center name
• vCenter name
• disk size
• FIPS complianception
• Virtual Machine settings
• Ip address settings for appliance
• host name for appliance

Question 66

At the identity manager configuration page, what options are available?

Answer 66

• vRA environment name
• license key
  -FIPs compliance settings
• node size
• vm name
• ip address
  hostname
  -internal pods and services configuration customization option for k6s cluster IP range
• option to skip vRA installation
  -option to do standard or clustered deployment
  option to select custom certificates and load balancers if clustered deployment is chosen

Question 67

What is the difference between authentication and authorization

Answer 67

Authentication confirms identitym verifies ab object or person is who they say they are, requires login credentials while authorization determines what an objecct or person has access to, grants permissions to resources, requires user roles

Question 68

How does identity manager work?

Answer 68

1. identity service send a request to vidm via url
2. the vIDM appliance validates the user’s credentials against an org ad
3. If user credentials match their authorization in AD, then user gains access to vRA console

Question 69

How does vIDM run?

Answer 69

As a kubernetes POD

Question 70

What makes the vIDM kubernetes pod different from other POD services (in respect to architecture)?

Answer 70

• it runs vIDM services

- it has a FQDN and pull number required for communication with vRA

Question 71

What is the database for vIDM?

Answer 71

Identity-db

Question 72

What does vidm’s identity-db do?

Answer 72

It is a database that keeps a user’s login request (after they attempt to login into the vRA appliance) so that vIDM can query the user’s credentials against a connected AD/LDAP to gauge access

Question 73

What does vIDM manage?

Answer 73

• user authentication
• access policies
• user resource entitlements

Question 74

How do you login to vIDM?

Answer 74

via the default configuration admin user credentials specified during the installation of vIDM

Question 75

What three directory types are supported by vIDM?

Answer 75

• active directory over LDAP
• active directory integrated windows
• Openlad directory

Question 76

How do you see the current directories connected to vIDM?

Answer 76

go to vIDM’s FQDN > select identity and access management > select directories

Question 77

What is the integrated windows authentication designed for?

Answer 77

• active directories with a forest architecture

Question 78

You integrate a new directory to vIDM by going to:

Answer 78

FQDN of vIDM > identity access and management > directories > add directory > put directory name > select authentication options > select directory search attribute > input bind user details

Question 79

what is a domain another name for in relation to vIDM?

Answer 79

forest

Question 80

LDAP = _ FOREST, intergrated windows = _ forest

Answer 80

1, multi

Question 81

What is the mechanism that connects a vIDM directory to an org’s active directory

Answer 81

a connector (sync connector)

Question 82

what are the features of vIDM?

Answer 82

• access policies
• support for multiple user authentication methods
• two factor authentication can also incorporate mobile SSO or VMware verify
• password recovery assistant
• just in time user provision

Question 83

what does it mean to map attributes in vIDM?

Answer 83

it means you select the attributes that are synchronized between an org’s AD and vIDM

Question 84

Are all attributes between an AD and vIDM required to be mapped?

Answer 84

No, some attributes are required and some are optional

Question 85

Can required attributes be changed?

Answer 85

Yes

Question 86

What are the attributes that can be mapped between an AD and vIDM?

Answer 86

• lastName
• firstName
• email
• userName
• phone
• disabled

Question 87

What attributes are required to be defined between an AD and vIDM?

Answer 87

• lastname
• firstname
• email
• username

Question 88

How do you synchronize AD groups to vIDM?

Answer 88

after vIDM mapping page > specify the group under “specify the group DNs”

Question 89

What members of an AD group group will be synchronized with vIDM?

Answer 89

members of the group that are OU

Question 90

When you click “sync nested group members” on the “select the groups you want to sync page”, what happens?

Answer 90

all nested members of a selected group are synchronized (regardless if they are OU or not )

Question 91

What does do access policies mean in relation to vIDM?

Answer 91

conditional access for users by a set criteria. Ex. only allow logins from this user when they are on a specific network address

Question 92

What is the password recovery assistant feature in vRA?

Answer 92

Can configure a “forgot password” prompt so that users can set a new password when they forget their current one

Question 93

What tabs will a default config admin for vRA have access to in the vRA console ?

Answer 93

• services
• identity and access management
• branding

Question 94

By default, How many vRealize orgs can correlate with one vRA environment?

Answer 94

1

Question 95

How can you edit the organization associated with a vRA environment?

Answer 95

By going to the vRA console > right clicking the org > view organizations > click “edit”

Question 96

How do you change the banner design shown in the vRA Automation cloud service console?

Answer 96

go to branding > header

Question 97

What are roles in vRA categorized as?

Answer 97

organization roles or service roles

Question 98

What is the simplified process to install vRA

Answer 98

1. Download the vRealize Easy Installer ISO
2. Mount the ISO and run the executable
3. vRSLCM is deployed and configured
4. vRSLCM installs vIDM
5. vRSLCM installs vRealize Automation
6. vRealize Automation is configured and deployed

Question 99

Are all vRA appliances placed on the same datastore?

Answer 99

Yes

Question 100

What is the default node size for a (medium) vIDM deployment?

Answer 100

• 8 vCPUs
• 16GB RAM
• 60 GB of storage

Question 101

What is the node size for a large vIDM appliance?

Answer 101

• 12 vCPU

* 24 gb of RAM

Question 102

What happens when you add an Active directory into vIDM by checking “sync group members to the directory when adding group” during vIDM deployment ?

Answer 102

All members of the AD are synchronized to vIDM

Question 103

What is the default size for the vRA appliance?

Answer 103

Medium,

• 12 vCPUs
• 40 gb Ram

Question 104

Where fo you go first if vRSLCM fails to install?

Answer 104

• “installer log location C:"

* click lifecycle manager’s UI link > enter “admin” & “password” > lifecycle operations > requests

Question 105

What is another name for vIDM in vRSLCM?

Answer 105

globalenvironment

Question 106

What happens if an vRSLCM installation fails and a vRA appliance currently exists?

Answer 106

• The easy installer can not be restarted

* Troubleshooting must start with vRSLCM log review

Question 107

Can a basic cloud template be created with vRA quickstart?

Answer 107

Yes

Question 108

What settings are included in configuration options for vRSLCM?

Answer 108

• data center name
• vCenter name
• disk size
• FIPs compliance
• virtual machine
• IP address
• hostname

Question 109

What settings are included in the configuration options for vIDM?

Answer 109

• option to skip vIDM installation
• option to import vIDM installation
• option to create a new installation of vIDM
• VM names
• IP addresses
• hostname
• default configuration admin
• default configuration email
• node size
• “sync groups to the directory when adding group” setting

Question 110

What settings are included in the configuration options for vRealize Automation?

Answer 110

• vRA environment name
• license key
• FIPS Compliance settings
• Node size
• VM name
• IP address
• hostname
• internal pods and services customization for k8s cluster IP range settings
• option to skip vRA installation
• option to perform clustered or single node deployment
• option to add custom certificates and load balancers needed to support clustered deployment

Question 111

How do you monitor the progress of vRSLCM setup for vRSLCM, vIDM, and vRA appliances?

Answer 111

via vRSLCM > Requests

Question 112

What will vRSLCM do after its initial creation?

Answer 112

It will create the global environment (vIDM) and vRA environment

Question 113

Why is vIDM also called the global environment?

Answer 113

Because only vIDM can authenticate across vRealize suite products

Question 114

How would you initiate vRA quickstart if it is not initially used in the deployment of vRSLCM?

Answer 114

You would go to the FQDN/IP of the vRealize appliance

Question 115

What can vRA Quickstart be used for?

Answer 115

• set up an on-prem SDDC
• Populate the self service catalog
• deploy 1st cloud template

Question 116

Authentication vs Authorization

Answer 116

Authentication confirms who you are, what you have access to via credentials while authorization determines what you have access to, grants permissions to network resources, and requires the associate of roles to credentials/identity

Question 117

How does vIDM run?

Answer 117

As a kubernetes service pod

Question 118

What happens when a user logs into vRA?

Answer 118

1. the identity service send the user’s request to vDIM (url)
2. The vIDM appliance takes the user’s associated credentials from the request and compares it against an org’s active directory
3. If the user’s credentials are found in the active directory, the vIDM hands over a key to the vRA console
4. The key is accepted by vRA and the user can access the vRA console

Question 119

what is the identity-app pod?

Answer 119

• It is a kubernetes POD on the vIDM appliance that runs vIDM services.
• It stores the FQDN and pull number vRA needs to communicate to vIDM
• It redirects login requests to vRealize suite services to vIDM

Question 120

What is the identity-db pod?

Answer 120

• It is a kubernetes pod that runs on the vIDM appliance
• It stores a database for vIDM that is used to store a user’s login request so that vIDM can validate the users identity in an associated active directory

Question 121

What account is used to log into vIDM?

Answer 121

the default configuration admin that was configured during the deployment of vIDM

Question 122

What does vIDM use to validate and manage user access?

Answer 122

• user authentication
• access policies
• user entitlements

Question 123

How do you configure or review active directories connected to vIDM?

Answer 123

go to vIDM UI > select “active directory”