Configure VMware vRealize Automation to provision VMs on VMware Cloud on AWS

Created by Deepak Kumar (AWS)

Environment: Production	Technologies: Hybrid cloud; Infrastructure	Workload: All other workloads
AWS services: AWS Direct Connect; AWS Site-to-Site VPN

Summary

Notice: As of April 30, 2024, VMware Cloud on AWS is no longer resold by AWS or its channel partners. The service will continue to be available through Broadcom. We encourage you to reach out to your AWS representative for details.

VMware vRealize Automation is automation software that you can use to request and manage IT resources. By choosing to configure vRealize Automation with VMware Cloud on AWS, you can automate the delivery of virtual machines (VMs), applications, and IT services across multiple data centers and cloud environments.

Your IT teams can then create catalog items to configure service provisioning and operational capabilities that your users can request and use with their existing vRealize Automation tools. You can also improve your IT agility and efficiency by integrating VMware Cloud on AWS with vRealize Automation Cloud Assembly.

This pattern describes how to configure VMware vRealize Automation to automatically build VMs or application capabilities on VMware Cloud on AWS.

Prerequisites and limitations

Prerequisites

• An existing on-premises data center and a VMware Cloud on AWS software-defined data center (SDDC). For more information about the cloud SDCC, see About Software-Defined Data Centers in the VMware documentation.

• An existing connection between the on-premises data center and the cloud SDDC, using AWS Direct Connect, a VPN (route or policy-based), or both.

• The on-premises data center and cloud SDDC are synchronized with network time protocol (NTP) or another authoritative time source.

• The maximum latency of a round-trip time between the on-premises data center and the cloud SDDC doesn’t exceed 100ms.

• The vCenter Server’s fully qualified domain name (FQDN) must resolve to a private IP address.

• Cloud SDDC users with access to your on-premises environment.

• Organization owner access in the vRealize Automation Cloud Assembly service role.

• End users with permission in vRealize Automation Service Broker to consume service.

• The on-premises data center’s Classless Inter-Domain Routing (CIDR) range must be open for the generating of API tokens from the VMware Cloud on AWS console. The following list provides the minimum roles required to generate API tokens:

  • Organization member

  • Organization owner

  • Service Roles - VMware Cloud on AWS

  • Administrator

  • NSX Cloud Administrator

  • NSX Cloud Auditor

For more information about this, see Connectivity Options for VMware Cloud on AWS SDDCs from the AWS Partner Network Blog. 

Limitations

• You can only configure 20 VMware Cloud accounts with public endpoints in one vRealize Automation. For more information about this, see Scalability and concurrency maximums in the VMware documentation. 

Product versions

• vRealize Automation version 8.x or later

• VMware vRealize Identity Manager version 3.x or later

• VMware vRealize Suite Lifecycle Manager version 8.x or later

Architecture

The following diagram shows the vRealize Automation services that can use infrastructure from both on-premises and VMware Cloud on AWS environments.

 VMware Cloud Assembly components

VMware Cloud Assembly is a core component of vRealize Automation and you can use it to deploy and provision VMs and compute resources. The following table describes VMware Cloud Assembly components that must be configured for provisioning VMs on VMware Cloud on AWS.

Components	Definition
Cloud Account	The Cloud Account provides connection details (for example, server name, user name and password, access key, and API token). VMware Cloud Assembly uses the Cloud Account to collect an inventory of your resources.
Cloud zones	Cloud zones identify resource boundaries in the Cloud Account (for example, AWS Regions and the cloud SDDC). Cloud zones associate compute resources with the Cloud Assembly project.
Projects	A project is a logical entity that consists of users and resources such as cloud zones. It also consists of resource quotas and VM naming policies that are used when building the VM.
Flavor mappings	Flavor mapping provides information about the VM’s capacity (for example, number of CPUs and amount of memory) that are used in the Cloud Template.
Image mappings	Image mapping maps the VMware vSphere VM template and Amazon Web Services (AWS) image that are used in the Cloud Template. For more information about this, see Learn more about image mappings in vRealize Automation in the VMware documentation.
Network profile	Network profile controls the placement decision to choose a network during VM provisioning.
Storage profile	Storage profile controls the placement decision to choose storage during VM provisioning.
Cloud Templates	VMware Cloud Templates are an important component of vRealize Automation because they define cloud infrastructure provisioning and orchestration. The Cloud Templates are specifications for the resources and include the resource type, resource properties, and input to be collected from users.

Tools

• VMware vRealize Automation – vRealize Automation is an infrastructure automation platform with event-driven state management and compliance. It is designed to help organizations control and secure self-service clouds, multi-cloud automation with governance, and DevOps-based infrastructure delivery. 

• VMware Cloud on AWS – VMware Cloud on AWS is an integrated cloud offering jointly developed by AWS and VMware. 

Epics

Generate the API tokens

Task	Description	Skills required
Generate the API tokens from your VMware Cloud on AWS account.	Sign in to the VMware Cloud Console. On the VMware Cloud Services toolbar, choose My Account and then choose API Token. Enter a name for your API token, provide the required lifespan, and define the scopes for the token.  Choose the Open ID check box and then choose Generate.  Record the API token's credentials. For more information about this, see How do I generate API tokens in the VMware documentation.	Cloud administrator

Install vRealize Automation in your on-premises data center

Task	Description	Skills required
Download the required software.	Download the VMware vRealize Suite ISO file from the My VMware Portal. This package contains vRealize Suite Lifecycle Manager, VMware Identity Manager, and vRealize Automation.	Cloud administrator
Install the software.	Install the software and connect to your cloud SDCC by following the instructions from Installing vRealize Suite Lifecycle Manager with Easy Installer for vRealize Automationand VMware Identity Manager in the VMware documentation. Important: Make sure that the following are available for your installation: The on-premises VMware vCenter Server setup and login credentials The network details for the vRealize Automation IP and subnet The vRealize Automation license key	Cloud administrator, Cloud architect

Connect VMware Cloud on AWS with VMware Cloud Assembly

Task	Description	Skills required
Configure your Cloud Accounts.	On the VMware Cloud Console, open the Infrastructure tab, choose Manage – Cloud Accounts, and then choose Add Cloud Accounts.  Choose VMware Cloud on AWS as the type. Paste the API token information that you recorded earlier. This populates all available cloud SDDCs in your VMware Cloud on AWS organization.  Choose the required cloud SDCC and then provide the vCenter user name and password for the SDDC. After you are successfully authenticated, you can view the integrated VMware Cloud on AWS account with an OK status. For more information about this, see Create a VMware Cloud on AWS cloud account in vRealize Automation in the VMware documentation.	Cloud architect, Cloud administrator
Configure the project.	On the VMware Cloud Console, open the Projects tab and then choose New project.  Enter the name of your project. Open the Cloud Zones tab and choose default VMware Cloud on AWS Cloud Account.	Cloud administrator
Configure cloud zone.	On the VMware Cloud Console, open Cloud Zones and choose the cloud zone for your SDDC data center. By default, cloudadmin@vmc.local (this is the default local user ID for the cloud SDDC’s vCenter) only has access to provision in the Compute-ResourcePool.  Open the Compute tab under Cloud Zones and then choose Compute-ResourcePool.	Cloud administrator
Configure flavor mapping.	Open the Flavor Mappings tab and create a new flavor mapping. Enter the flavor name, choose the VMware Cloud on AWS account, and then provide the number of vCPUs and amount of memory.	Cloud administrator
Configure image mapping.	Open Image Mappings and create a new image mapping. Enter the image name. Choose the VMware Cloud on AWS account and provide the Cloud Account templates that are required.	Cloud administrator
Configure network profile.	Open Network Profile and create a new network profile. Enter the network profile name. Open the Network tab and choose the existing network that you want to use for provisioning.	Cloud administrator
Configure storage profile.	Open Storage Profile and choose New Storage Profile. Enter the storage profile's name. In the Policies section, create a new policy. Choose Workload Datastore. By default cloudadmin@vmc.local only has access to provision in the workload's datastore.	Cloud administrator
Create the Cloud Template.	Open the Design tab, choose Cloud Templates, and then choose New From and Blank Canvas. Provide the name and description of the Cloud Template. Choose the project that you created earlier.  From the Cloud Template resources design page, drag components into the blank canvas according to your requirements.  Choose Test to test the template and fix any issues. Choose Deployment and provide the deployment name to deploy the VMs.  For more information about this, see Create a basic cloud template in the VMware documentation.	Cloud administrator

Related resources

• Connect vRealize Automation version 8.x to your SDDC:

• Deploy an SDDC from the VMware Cloud on AWS Console

• AWS Direct Connect Integration with VMware Cloud on AWS