CATEGORY: Cloud Products

Story of Mr. IT & Ms. Cloud

The way you think and operate your infrastructure and private cloud, is crucial to how your organization perceives and utilizes new technologies.
IT Architects often overlook the term ‘Cloud’ as a buzzword, rather, a pattern of deploying infrastructure.

Automation, blueprinting & orchestration… they’re all OK. But, they miss some very basic truths about what cloud is at it’s core.

Previously, we revisited the term “Hybrid Cloud”, and determined why it should be used more accurately, embodying the fact that enterprises should adopt and take advantage of the cloud model offered by Public Clouds.

This is where most blog posts around this topic will raise the ‘cattle vs pets’ arguments. Though I agree, I’d like us to dive a bit deeper and have another perspective. The way I see it, it’s not necessarily about the ‘pets’ themselves, but rather their owner – Mr. IT.

Thinking like Mr. IT

What Mr. IT had done since the dawn of virtualization, (and prior, in the x86 native era) was to do what ever it takes to make common infrastructure, such as disks, compute, and memory to become more & more resilient. Throughout the years, IT departments had paid billions and trillions of dollars in hopes of making infrastructure fault-resistant. Investing in redundant networks, clustered computing, and smart storage machines that can often replicate seamlessly between data centers (Metro Clusters, VPLEX, and their friends) all of which, end up costing a lot of money.

Mr IT, had a very good reason to do all of the above. Applications built in the client-server era, were architected as monoliths, and virtualized as-is from the days of early x86 rack servers. In this world, scale-up is the prominent methodology. Mr. IT continues in building his redundant hardware layers, increasing app (and business) performance via means of adding better compute / memory / storage.

While you can argue that these kind solutions pay off as they aim to eliminate business critical outages, today, more and more disruptive technologies & patterns allow developers to shift the old app paradigm. Eventual consistency data models, NoSQL, Micro-services etc, all allow and require infrastructure to be treated differently.

Thinking like Ms. Cloud

Public Cloud, as it’s provided today by amazon AWS , Azure, and GCP, is an implementation of an infrastructure deployment pattern. This pattern is very straight forward. Instead of saying – “My infrastructure will make sure that no workload will ever fail”, It uses a different line of thinking. One that says: “I know that my infrastructure might fail, but if it does, it’ll be contained in this specific area.” This, is the paradigm used by Ms. Cloud

When AWS took this approach to sell IaaS (and later on, other services) they didn’t just invent a new pattern of deploying hardware, but in fact they created a new paradigm for developing software, by putting the availability ‘burden’ mostly on their customers – software developers, rather on the AWS ‘Cloud Service’ IT team.

This same paradigm, can and should be implemented in the enterprise. However, it does require a management mind shift, and the correct tools.

When Amazon’s own S3 storage fumbled last march, most complaints we’re towards App developers such as Slack, Giphy, etc… Not developing for redundancy. No one was really pointing a huge blaming finger at Amazon, since as long as S3 kept it’s 99.9% availability of infrastructure SLA, Amazon have kept their part of the bargain.

And this, is where Service Driven Infrastructure comes into play. If your developers have full visibility  into understanding the extents of your organization’s infra, capabilities, limits, and fault/availability zones, they would and should, take it upon themselves to guarantee proper application redundancy.

More importantly though, their managers, peers, and IT Administrators, should drive them to do so.

Thinking like Ms Cloud, often means:
1. Offering self service infra, with visibility into underlying constructs, such as clustered racks & storage pools.
– This will serve your devs in knowing where & how to deploy services, and architect their software.
2. Supplying with general-purpose building blocks, that allow developers to build modern apps.
– Redundant Storage, Network, Compute, are the building blocks of the client-server era.
– Cloud native era building blocks consist of – DBs, Queues, LBs, and Name registration (often for micro-services discovery capabilities)


As a CIO, an IT Manager, or a system admin, you should always consider the costs of your infrastructure. Try to determine whether your developers make the best use of it. When infrastructure down-time occurs, and heads are flying, ask your CTO / R&D Managers whether they would blame IT for an Amazon cloud outage.
The first shift in making Private Clouds great (again), is to treat them exactly the same way as you would a public cloud.

Finally, Lets conclude with a thought experiment. What’s the cheaper, most cost-effective option?

1. Spending $2M worth of SAN storage rack, including it’s fabric, with a premium hypervisor attached to it.
2. Rewriting the app using your infrastructure, using 10 software engineers in a 1-year project.

Should you invest time & money in maintaining top-tier hardware, or in modernizing your business & process via software?

To Be Continued …

vRealize Automation 6.2 (vCAC) – GA! What’s New?

Another yearly quarter, and another product release! vRealize Automation 6.2 is now GA (Grab it!) and it brings so much awaited functionality to the table! This is the first release to have some impressive integration with VMware’s vROPS (formerly vCOPS) product, which is also GA today with version 6.0.

New Features!

vR Automation 6.2 / vR Operations 6.0 integration

Allows for Health badges to be viewed directly from item page, allowing the user to have a brief health summary of his VM. Also, vC-Ops-128xresource reclamation is available with insights from vROPs 6.0. When you’ll filter a VMs performance once vROPs is configured into the system, you’ll be able to search the metrics from vROPs rather then vCenter.
These two features are a huge benefit for day-to-day management of your private cloud VMs, and will surely drive great value in any environment where vROPs & vRA are integrated.

ASD Form vCO Workflow Execution

The ASD functionality of vRealize Automation always keep getting better and better. The latest improvements include being able to invoke a vCO action from the item form, when the form is displayed to the user. This, enables us to retrieve data for that request from 3rd party systems, or calculating addition information within vCO. This also applies to any custom day 2 operations you can build for vRealize Automation.

ASD Import/Export Content

This release also enables us to import and export content from vRA! Stuff like service blueprints can now be transferred from instance to instance.


VAMI Node Mgmt

Proxy Configuration for vCloud Air Endpoint

For those of you managing vCloud Air VMs with vRealize Automation, leveraging vCloud Air through an enterprise proxy is now possible via a special proxy setting in the vCloud endpoint

Centrelized Node info/log collection in vRA-VA

The vRealize Automation VA had it’s management interface revamped, and now allows for a full view of the installed components from a single point, checking if all components had communicated recently with the VA, and also the ability to collect logs in a centrelized fashion, straight from the VA’s VAMI management UI.

vRealize Applications & Custom Properties

For those of you who started exploring vRealize Applications, you can now expose the provisioned App ‘User queried’  properties, into the vRA request. Giving the user the ability to easily modify an application deployment at request time.

Come-Back Features!

Approval Props

Setting Approval Policy

Some of the (awesome) features that went away during the whole 5.2->6.0 transition are now doing a comeback! And these are GREAT news since these were REALLY handy stuff!

Editing Custom Properties on Approval

With vRA 6.2 you will be able to set custom properties to be editable by the approver! This is a wonderful feature that allows for a whole set of business logic approval use cases to be utilized again with vRA 6.2!

Calendar Widget


Approval Editing Properties

The all mighty calendar of events widget is now back, and allows you to view a calendar with all your item expiry / archiving / deletion dates right on the vRealize Automaion home page for every user! This is valuable to keep track on your VMs and leases and is a wonderful feature I really missed from 5.2

Hidden Features!

Wait… What?
So you’re probably wondering – “Why are there hidden features?” Well, the features that i’m going to describe below aren’t really meant for regular use, but are more related to my new role. I did think of some enterprise use cases where these could be beneficial, but keep in mind that they are considered ‘Experimental’.

Installing DEMs / Agents in Different Domains

One of the issues that I came across with some of my former customers (you know who you are!) was the need to manage several, unrelated domains with one vRA instance. This, naturally gets you to a decision point where IAAS is installed in a certain domain, be it management, prod, or where ever you see fit.


Calendar of Events

In order to have DEMs / vSphere Agents in other domains , you would need to do some nasty things. In this release, using the silent installer, you are able to grant a certain user in a remote domain (without any trust relationship) full access tothe IAAS repository. Meaning, that a vSphere Agent / DEM can be installed in a totally separate domain environment, under a different set of credentials from the main IAAS server components!

In order to do so, you’ll need to add two properties to the silent install for the DEM, named WorkflowManagerInstaller.msi . The properties are : DEM_REPO_USER / DEM_REPO_PASSWORD . An example of a silent install including these two properties should look something like this:


For this trick to work on a vSphere Agent, simply run a config command after the agent is installed:

[code] VRMAgent.exe -Repo-SetCredentials –user <username> –password <password> –domain <domain> [/code]

Proxying DEM Workers

When installing a DEM Worker with the silent installer, you’ll be able to add a proxy configuration for that DEM. So if you have any DMZ environments that you want to manage, this could be a great way to do so!

To proxy the DEM / Agent , simply use the silent installer mentioned in the paragraph above, and activate 3 new install parameters:

  • PROXY_ADDRESS <proxy ip addres>:<port>
  • USE_SYSDEFAULT <true/false>
  • BYPASS_ONLOCAL <true/false>

These are pretty self explanatory. The USE_SYSDEFAULT, tells the DEM to grab proxy configuration from the default system configuration found in IE proxy settings. BYPASS_ONLOCAL , will order the DEM to bypass the proxy when it detects a call from the same network he’s on.

vCAC (vRA) Cloud Client is GA!

This is something that has gone a bit under the radar generally speaking (even mine!). A couple of days ago, VMware released its vRealize Cloud Client. But what is it you ask?
Well, essentially cloud client is a tool built to automate various tasks within vCAC 6.X, like:


  • Creating blueprints / catalog items
  • Requesting catalog items
  • Activating vCAC Actions on existing items
  • Creating IaaS Endpoints
  • Automate SRM fail-overs under vCAC management(!!!)
  • Launch vCO Workflows (!!!!)
  • Write scripts using cloudclient cli

A Bit of Background

So, this awesome great tool, was initially built internally to help support some of the complex automation we do around here at VMware R&D , hence, cloudclient is now in version v3.0. Personally, I like tools like these, that come out directly from an engineering necessity. Mainly, because they come from the purest of use-cases – our own VMware internal use-cases.

Unlike vCAC CLI which went out as GA with vCAC 6.1, and is also more of a cli tool to operate vCAC’s REST APIs, CloudClient lets you do a lot of things within vCAC , with simple, one-lined commands!

What Can You Use it For?

From a customer perspective, first this tool brings great openstack-novacli-like functionality and can help your developers to consume Infrastructure as a Service, without interacting with the vCAC GUI, and to automate the request of machines using scripts.

So lets say I want to test a build using Jenkins, I can call cloud client from any shell (cmd / linux) or external script, and request a predefined catalog vm for my testing automatically. After that, you can list your items and operate on the VM / MutliMachine environment you got with cloudclient.

Using Cloud Client

First, grab cloudclient ! After you’ve done that, you’ll need to make sure that wherever you run it (bash / cmd ) ‘java’ is set as an operable program – meaning , you have the “C:\program files\Java\jre7\bin\” folder configured to your ‘Path’ environment variable so you can run java.exe from where you’re running cloudclient.

After everything is set, just run cloudclient.bat / (and accept the EULA once, be patient! this awesome cli thing is FREE ! )
Once you accepted the EULA, you should see this:

Screen Shot 2014-10-20 at 20.44.07

Next , if you’re wondering about the options in this thing, is to type ‘help’ which will show you all commands available with CloudClient.
Keep in mind, that you can always use the Tab key to auto-complete what commands can come next! Also, if you’re clicking Tab and nothing appears, just try adding minus signs like: “vra command –” and then press tab to see what parameters are available.

In order to log-in to vRA, we’ll type:

[code]vra login userpass –user –password MyPassword –server –tenant mytenant

If you’ve done it right, you should get a ‘Successful’ prompt back! For out next example, lets list all available catalog items:

[code]vra catalog list[/code]

The output should be:
catalog list

And finally, to make a request happen, we’ll need to perform a command similar to this:

[code]vra catalog request submit –groupid vmdemo –id CentOSx64 –reason Because –properties vminfo.project=ERP,provider-VirtualMachine.CPU.Count=2,provider-VirtualMachine.Memory.Size=2048[/code]

Inspecting this command carefully, you can see i’ve submitted a couple of properties with the request:

  • vminfo.project
  • provider-VirtualMachine.CPU.Count
  • provider-VirtualMachine.Memory.Size

So CPU Count & Memory Size are regular vCAC (vRA) properties, though when submitted through API , they need to have the ‘provider-‘ prefix , which is the same as saw when exploring the REST API through Firefox.

Some behaviour changes with 6.0 / 6.1 – In 6.1, if CPU/Memory are not set, request will go through with minimum CPU/Memory for the blueprint. In 6.0 (though I haven’t tested it) I believe the request will fail. So FYI :)

I must say, this is just a very short introduction to cloudclient and it’s capabilities. So go ahead, explore it, and if any more posts are needed – i’ll be sure to write them.

So leave your comments below! If you want, the official download page for CloudClient is linked Here

vCloud Automation Center 6.1 GA – What’s New?

Now that vCloud Automation Center 6.1 is generally available (grab it!) we can go more into the details of whats new! I’ve been waiting for this release for quite some time, as it improved some nice things and set a standard for next versions. So are you ready? lets go!


Installation Changes Quick-guide

Some notable installation changes can be seen with this new version. In terms of install steps, they are still the same:

  1. vCAC SSO (Id Appliance / Windows Install / vCenter Server)
  2. vCAC VA (Clustered or not)
  3. vCAC IaaS (Distributed or not)

An important note regarding the identity appliance – Upgrades from 6.0.x will still need the <id appliance FQDN>:7444 format in the host name field, BUT a fresh install will not require the port, only the host FQDN.
On the vCAC appliance side – achieving HA is now a breeze. Simply install 2 vCAC VA Appliances, configure the primary one, and add a secondary to the cluster by clicking an “HA Mode” option. This will configure the Web app, and messaging for HA mode, PostgresSQL will still have to be configured manually.


HA Mode in vCAC VA Configuration Page

As for the vCAC IaaS component, the installation of the components is pretty much the same, but a couple of things changed. .Net 4.5.1 is now the new IaaS operating framework, but you will also need Java 1.7 x64 or later to be installed on the db machine as well.

UPDATE: Looks like it might be the Manager server that specifically needs Java rather then the DB, I’ll re-check and update pre-req script soon.

The new pre-req checker will obviously warn you about this, also another tiny thing i’ve noticed – When you download java from Oracle, using a server box (an 2008 R2 for that matter) the Java you will get is an x86 one since IE is a 32 bit application, thus your computer is detected as such. So pay a good attention to which version of Java you download, since x64 is a must here.
The install script below will handle all pre-reqs, as well as attempt to download the Java 1.7 x64 and set JAVA_HOME (which is also required) for you.

After we’re done configuring everything, it’s time to login! At a first glance we can notice the vCAC UI got a nice minor revamp , showing the vCloud Suite colors & theme, and also a bit of a flat design. I like it overall.
Oh and another minor thing, you can now also access vCAC through –
https://vcac-host-fqdn/vcac/org/tenant (no more shell-ui-app, though it will work as a soft link)

New Features

vcac6 ui

New vCAC 6.1 UI

A major change that had to go deep into the vCAC 6.x code base was support for the standard i18n language codes, which includes some standard languages such as German, Japanese, Chinese and more. This is actually something coming all the way from Pat Gelsinger for all of the VMware products.

Enhanced NSX Support

This version of vCAC is mostly ‘the NSX version’ it brings some major improvements to the way multi-machine blueprints are deployed with complex networking and supports NSX in order to do so. A good example of this is the support for NSX features like:

  • Logical Switches
  • Distributed Logical Routers
  • Security Groups & policies
  • Distributed Firewall Rules
  • Load Balancers

Basically all of these improve a lot of the NSX functionality, for instance, the ability to utilize DLR enables us to deploy single-arm edge devices, with an internal link that serves as a gateway, and the external link is served by the ESXi DLR.

Also, vCAC 6.1 comes with a builtin vCO 5.5.2 Server, which contains by default, a new version of the NSX plugin for vCO! This is actually crucial in running some of the logic for vCAC / NSX integration, so if you configure vCAC for an external vCO IaaS endpoint, and plan to use NSX, be sure to install the NSX plugin on that vCO server!

This plugin will also enable you to perform some great day 2 operations on your VMs, like adding a machine to a load balanced configuration, or a security group.

ASD Capabilities

Add Day2

Add a new day2Op. Notice the ‘Status equals On’

Advanced Service Designer has been around since 6.0.x release, and VMware has extended some of the things it can perform. For example, you can now assign a day 2 operation to a VM on a VM filter basis.
This means that from now on you will be able to decide when does a VM shows its ASD Day 2 operations, according to its properties. For example, show a custom day 2 operation only if a VM is Powered On, since it is only relevant to that state of the VM.

You will also be able to filter-out operations to be displayed based on other parameters as well, kind of like the parameters available with approval policies.
Also, one of the problems with vCAC 6.x was the lack of ability to specify that a certain Day 2 operations is an ‘Un-provision’ operation. You had do delete the item off of vCO’s cache, and get vCAC to refresh its inventory as well. With the 6.1 ASD, you can specify whether a Day 2 operation is a ‘Provisioning’ one like lets say – clone a vCAC VM (and provision a second VM off of it) , or un-provisioning an ‘abstract’ item.

Last thing new and exciting about ASD is the ability to show output to the users from an ASD Day 2 operation! Meaning, you can have the output of the vCO workflow displayed to the user after the day 2 operation is done, if you need to let him know of a specific output. This is a lot nicer then an email in some cases.

Application Services


Application Services 6.1

As part of the vCAC 6.1 release, VMware’s former ‘App Director’ or now, Application Services , is also released in a new version. This version has better integration to vCAC , allowing for users to deploy fully blown multi tier apps as service catalog items.
Some of the new features include:

  • Resuming a failed App deployment
  • Multi tenancy support
  • Allowing for additional day 2 ops

Users will now be able to own the infrastructure holding the application requested from the ‘Application Services’ provider (unlike in vCAC 6.0.x) so they are easier to manage, from the central vCAC item portal.

Also, the new Application Services platform is more tightly integrated with puppet, to be able to deliver puppet configured platforms, enabling application teardown, scale in / scale out using the puppet nodes.

Infrastructure Bulk Import

vCloud Automation 6.1 now allows you to bulk import your existing infrastructure into vCAC’s management, with the help of CSV files. Although you could also import brownfield environments in 6.0.x using the infrastructure organizer, things would get complicated when you would try to import a lot of machine with multiple owners to multiple business groups. The bulk import tool comes to simplify all of that, and generates a much simpler importing flow for the end user / admin.

vCloud Automation Center CLI



This version of vCAC comes built in with a little tool called vCAC-CLI. It’ll help you do some rest operations on vCAC with ease, and allow you to get well formatted JSON responses when you perform GET operations. This tool is not ‘CloudClient’ as some of you may or may not know, but more of a vCAC cURL tool.
The tool is Java based, so you can use it from any client OS (Mac / Windows / Linux). You can download the vCAC-CLI tool directly from the vCAC Appliance.
Expect some more in-depth posts about this one later on.

vCloud Automation Center API

The fruits of the vCAC 6.0.x API have ripened and the vCloud Automation Center 6.1 exposes a fully blown Rest APIs accessible even without the help of our friend vCO !

XaaS & Dynamic Types Plugin

vCO 5.5.2 Dynamic Types plugin should now be in full sync with vCAC 6.1, allowing for users to create any vCO inventory item (and thus, a vCAC ASD item) off of services equipped with external REST/SOAP APIs … I’ll be fiddling with these capabilities soon, so expect some interesting updates in the posts to come. Meanwhile, you can check out this few guides at vCOTeam.Info to get your game going on new XaaS options and capabilities!


vRealize Air Announced

vRealize Air had been just announced at VMworld 2014 as a suite of new services that will be available in a SaaS model, this brings very interesting news to our customers.
vRealize Air Automation, is the name for our offering of vCAC-as-a-Service in a SaaS operating model. So Instead of deploying cloud management solutions on premise, you will now be able to consume vCAC’s great IaaS & XaaS services – As A Service, from the Cloud! I think that’s a good pun by the way.
So with vRealize Air Automation, you will be able to connect your private cloud & public cloud, both to a single seamless management platform, that you don’t need to deploy, just consume, off of a vRealize Air Automation instance located on vCloud Air.
Currently, the solution is open for beta registration at So go right ahead and register!

Currently, vRealize Air runs the latest vCAC version (not yet GA available), and i’m pretty sure that with vCAC on a SaaS platform it will always have the most up to date features, and capabilities of the product.  That way, you won’t need to upgrade your local premise vCAC , and will now be able to always have the latest and greatest stuff.

Personally, i’m very excited about this announcement and solution, and I will be actively helping promoting it, and get our users and customers to consider consuming vCAC on a SaaS model. Expect to hear more about my personal involvement on this great new platform soon.