One thing which was always required for vRealize Business for Cloud (or Standard as it used to be called) – was vRealize Automation for authentication and UI.
This has now changed with the release of 7.1
From the Release Notes:
Allows integration with external VMware Identity Manager. You can use standalone vRealize Business for Cloud 7.1, without deploying vRealize Automation.
The question also came up in the vExpert Slack channel – as to how do you do that ? Does it show the vCenter inventory ? Costs etc. ?
So I thought I give it a try. I never worked with vIDM before to be honest (VMware Identity Manager) so it was quite interesting to see what this is about.
So first task was to download and install vIDM – Here I am using the current ‘on-prem’ version available (184.108.40.206 Build 4366188).
The initial deployment is just like any other OVA – use the web client (unless you got IP Pools) and off you go :
Just click through the usual
Bla bla yes yes
Select the location and give it a name – here I merely call it vidm
.. and network
Now set the usual, timezone, network, IP etc.
Hit ‘go’ and power the appliance on after deployment
Wait until the OVA has been deployed and is up and running
When you browse to the appliance, you will get to the initial configuration screen
Note: Browse to the FQDN and not IP !! If you do browse to the IP – the Database initialisation will fail !
Set a couple of passwords
Here I am just using the embedded database. As mentioned, this process will fail if you connect to the appliance via its IP rather than FQDN.
Wait until the process has finished – don’t close the browser session. It stopped the process for me.
That is all you need to do
Next the configuration. I intend to use AD integration for vRB so the first things I will configure
Click the Hyperlink shown in the complete message and login as admin / password (password configured as part of the initial configuration)
Here I used a Horizon 7 Enterprise license which includes the Identity Manager Standard Edition.
My experience with WIA isn’t the best – so I go for AD over LDAP here
As vRealize Automation uses vIDM – you will notice that the configuration is identical.
Here I leave all defaults and enter the required DNs.
Ensure the ‘Test Connection’ is successful.
My domain is a single domain, so there is nothing but the one single domain to be selected
Here is what tripped me up a bit. My vRA environments always worked fine and my lab users never have first / last name and email address. Here you can see that these values are required. If any of those are missing under your user configuration in AD, the sync will fail. So ensure your users have at least
- First Name
- Last Name
I leave the reset as default.
Here I add two groups – an AD group for users and one for Admins. Thinking about it – the admin group would have been enough, but all that depends on your environment of course.
Ensure you select the groups once you entered the DNs.
If you need to add a user who isn’t part of any of the groups added in the previous screen, add it here.
My groups have only a small number of users, so it is easy to see, but ensure all users are synced. Or rather, it can read the correct amount to be synced.
Depending on the size of the environment, the sync might take a while
But the sync should eventually finish successfully
Now deploy vRealize Business for Cloud. Same deal, upload the OVA and give it all required network and credential settings and wait for the appliance to boot up.
Login with root and the password configured during the OVA deployment
Under ‘Registration’ select vIDM rather than vRA
Enter the vIDM credentials and click Register
Ensure the registration finishes successfully. Don’t forget to configure things like NTP / Certificates etc., and check whether there are updates available.
Once registered, go back to your vIDM Administration Page.
Under Users & Groups, select the VCBM_ALL group.
Click Users in this Group and Modify Users in this Group
Here you can play with a lot of conditions – based on users, groups, email etc., but here I just add my admin group configured to sync previously. The field for the group there auto-completes based on initial characters, so you don’t need to remember the whole name.
Here I just got one group
You could now give users the VCBM_VIEW permissions etc., but I won’t bother with it in my lab.
Now browse to your vRB appliance. It should redirect straight to the vIDM Workspace One login screen
Here I select my domain configured and enter the credentials of a user part of the admin group (group I configured in VCBM_ALL)
You should now see two tabs (looks familiar?)
First thing it will ask is the license key
Once entered, you are ready to go
Just like vRB inside of vRA – you need to configure a vCenter connection if you want to collect from a vCenter. Here you obviously don’t have vRA collections, so vCenter it is
Enter your vCenter details here
And as usual, accept the certificate
Now, whilst it says refresh the browser to see new data, nothing really happens until a sync has completed.
I noticed first that the vCenter Sync was missing. Despite that I clicked Update now
Now it says once more to refresh the page (this will show at the bottom of the screen)
Click Update Now
You will get once more the refresh notice at the bottom of the screen. Once refreshed you should see the details popping up
With pretty graphs too
The above costs are taken from a database taken from VMware automatically. You can change the settings etc., add costs for labour, hardware, OS etc., but this is really just an article in how to get you running.
Happy clicking 🙂