vRealize Integrations – vRealize Business Management

One new configuration requirement that I have come across recently working with vRealize Automation is the increased integration and permissions between vRealize Business Standard, vCenter and vRealize Operations Manager.

For internal lab environments it may be common to use the ‘admin‘ or ‘root‘ user accounts when configuring credentials for various product integrations. However in the real world, where proper accounts of least required privilege should be used, this means that specific roles and permissions need to be created and used.

This particular issue raised it’s head when the Storage Profiles could not be determined from vCenter in the Business Management tab in vRA Business Management > Cloud Cost > Storage Cost > Edit as shown below:

StorageProfiles_01

Instead of displaying the various storage profiles for Storage Monthly Costs, all storage was collapsed as ‘uncategorized‘.

Storage Profiles and Metering in EHC are discussed here

So what was wrong?

When we checked the status of the vCenter connection, in the vRA portal under Business Management > Cloud Cost > Status  we observed the following error:

vRB_Status_01

vRealize Business Standard has a requirement that the user/credentials used to manage the vCenter Server connection (Read Only) must have additional privileges in vR Ops Manager.

In addition to the vCenter Read Only role, the vRB role requires the following additional vR Ops permissions:

  • Storage views.View
  • Profile-driven storage.Profile-driven storage view
  • Global.vRealize Operations Read Only Role
vCenter_Role_Permissions

In our EHC v3.1 lab environment, we use application service accounts to identify which application is talking to which, in the form of app_<source>_<target>. So for vRB integrating with vCenter, and vR Ops Manager we use the following:

  • vRB to vCenter: app_vRB_vCenter
    • Read Only + vROps permission (as stated above)
  • vRB to vR Ops: app_vRB_vROps
    • Read Only

While configuring vRealize Business Standard, logged into vRA as the Tenant Admin, the vCenter and vRealize Operations Manager connections can be configured under Administration > Business Management, as shown below

vRB_Integrations_01

Note:

  • For the vCenter Server connection, the vCenter FQDN can and should be used
  • For the vRealize Operations Server connection:
    • Enter the vR Ops Server IP Address or FQDN
    • The vR Ops Username should be specified as: user@domain@source
vRBvROps_connection02

Note: This procedure and associated requirements have changed with vRB v7.1. More details here.

One other integration point to verify is correct, is the vCenter Adapter in vR Ops, configured in the vR Ops  UI under Administration > Solutions > VMware vSphere > Configure where the vCenter Server address should be in the format of either IP Address or FQDN

vrops_vcenter_adapter

Once these settings and user permissions have been set correctly, the Storage Profiles will be read correctly from vCenter and will be displayed accordingly in vRA Business Management, as shown below:

StorageProfiles_02

The vRA Business Management System Status also now displays all green ticks, as shown below:

vRB_Status_02

… and they all lived happily ever after! #funfunfun

Update 21/12/2016 – This functionality is no longer available when using vSphere 6. More details available here

Software versions referenced in this post:

  • vRealize Automation v6.2.1 b2553372
  • vRealize Business Standard v6.1.0 b2548009
  • vRealize Operations Manager v6.0.3 b3041065
  • vCenter Server v5.5.0 b3142196 (5.5 Update3a)
  • Federation Enterprise Hybrid Cloud v3.1

To correlate build numbers to VMware product versions, please ref here

Official VMware Doc References:

2 thoughts on “vRealize Integrations – vRealize Business Management

  1. Pingback: vRB for Cloud and vR Ops Integration | Scamallach

  2. Pingback: vRB Storage Costs by Storage Profile begone | Scamallach

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.