A big release last week from VMware: vRealize Automation 7.0, which was announced during VMworld Barcelona. It took VMware several months to finally release the full product (the demo I saw was just before the Barcelona 2015 event).
The product has a simplified deployment (a single OVA file) and many architectural changes that need special attention during upgrades. VMware has put up an upgrade page where you'll be able to get help: the vRealize Upgrade Center page.
Update: Check out my Step-by-step vRealize Automation 7 Simple Install!
vRealize Automation 7.0 – What’s new?
The product introduces many new innovative functions and architectural changes.
Architecture changes – During the deployment steps (not tested just yet) there are fewer services to deploy and fewer VAs to manage, with fewer external dependencies. (It's a single OVA, by the way.) All services are automatically clustered when deployed in an HA configuration.
To deploy an HA architecture, only 2 appliances are now necessary, but the installer starts with a single OVA. Then you have a choice between a simple install and an Enterprise install (for setting up 2 HA instances – a fully distributed install). The simple install does not provide HA.
The wizard detects available hosts and lets you choose and assign different roles (note that machine discovery needs the management agent to be pre-installed). There is also a standalone prerequisite checker available. Once the roles are assigned, you can proceed with the installation process.
It is possible to roll back, and the whole installation is wizard driven.
The time to install is only about 15-20 min … (to be tested).
vRA 7.0, from the release notes:
Simplified Configuration Process – The installation wizard greatly reduces the time it takes to get things up and running. With the minimal deployment option, you can be up and running six times faster than with previous deployments. The simplified architecture, including authentication and Single Sign-On, in vRealize Automation 7.0 brings ease to this process, enabling you to begin provisioning services in a fraction of the time this used to take.
Unified Service Blueprint and Design Canvas – A new unified service blueprint and design canvas for defining single machine blueprints to multi-tier applications. Component services like compute infrastructure, networks, security, and software can be intuitively assembled with a simple move of your mouse.
Blueprints as Code – Service blueprints can be edited as text files to facilitate DevOps deployments. The ability to export and import blueprints as code improves version control and sharing of policies across vRealize Automation instances and tenants.
Improved Extensibility – Feature-enhanced extensibility, which simplifies and expands the ability to invoke external tools and integrate with existing systems. A new event broker simplifies and standardizes the process by which third-party solutions integrate with vRealize Automation.
VMware Identity Management (vIDM) is now an embedded service in the vRA appliance (no longer a separate virtual appliance). IDM replaces single sign-on (SSO). It also deploys automatically in HA mode, allowing automatic failovers.
IDM gives more capabilities than SSO:
- Multiple domain for single tenant
- Single domain to multiple tenants
- Full OTB branding capabilities
- OTB 3rd party SAML token support
- OTB Smart card support
- Multi-factor authentication
- Login auditing
- Scalability Improvements (over SSO)
- HA support which is configurable by a wizard
Additional vIDM features:
- Supports local users where AD isn’t required (demo environments, Proof of concept scenarios – POC).
- Support for basic operations for users add/remove/edit
- Local users are per tenant.
- Tenant Isolation
- Tenant boundary is flexible, not limited by AD domains
- Sync based on schedule or manual
Totally supported with vIDM (via the UI): it's possible to add a logo or background, and to change the login screen or colors.
Converged Blueprints (CBP)
Allows drag and drop – The Converged Blueprint Designer offers simplified blueprint authoring for IaaS and applications, allowing drag-and-drop operations. On the left you choose the category, and within the category you choose what you'll drag onto the canvas.
App Services, which used to be a separate appliance, is now incorporated into the blueprint designer.
- Unified graphical canvas for designing machines, software components and application stacks
- Ability to extend or define external integrations in the canvas through XaaS (a.k.a ASD)
- Enable team collaboration by enhancing and introducing fine grain roles
- Avoid App Services complexity that often leads to a longer sales cycle or reduced opportunity
NSX Integration for Blueprint authoring and deployment
Networking is also incorporated. It's possible to drag and drop new networks, load balancers, and on-demand routers. You'll get a topology view of what you're building. Blueprints are importable and exportable. It's also possible to build nested blueprints! Let's say you build a blueprint: save it, make it available, and then pull this blueprint into the canvas to use it.
- Automated connectivity to existing or on-demand networks
- Micro-segmentation for application stack
- Automated security policy enforcement thru NSX security policies, groups and tags
- On-demand dedicated NSX load balancer
- Parent component only, not application-level
Consuming NSX is simpler with drag and drop, especially with the ability to see a view of what's being built.
LifeCycle Extensibility – centralized policy management.
The event broker looks for events in the event box, and a trigger.
An external solution (already used by the customer) can be used for governance and approvals too. This external solution is one in which the client has probably already invested some big money. The policy management can ask this external product for an approval and then continue the workflow.
The overall view of Life Cycle Extensibility – Event Broker (EBS)
It looks like a completely re-written product which keeps the original idea in mind while adding more services and innovations. The 7.0 looks like a more mature product too, as the deployment looks to be much simpler than in the past. I always have the feeling that v1.0 products are certainly innovative, but lack that smoothness and ease when it comes to deployment or monitoring. But that's the way it is, and instead of waiting 2 years for a product to be delivered, new (or re-branded) products appear as they are, to provide the services needed by IT.