6.2
Table Of Contents
- Installation and Configuration
- Contents
- vRealize Automation Installation and Configuration
- Updated Information
- Installation Overview
- Preparing for Installation
- Minimal Deployment Checklist
- Minimal Deployment
- Distributed Deployment
- Distributed Deployment Checklist
- Distributed Installation Components
- Disabling Load Balancer Health Checks
- Certificate Trust Requirements in a Distributed Deployment
- Installation Worksheets
- Deploy Appliances for vRealize Automation
- Configuring Your Load Balancer
- Configuring Appliances for vRealize Automation
- Configure the Identity Appliance
- Configure the Primary vRealize Appliance
- Configuring Additional Instances of vRealize Appliance
- Enable Time Synchronization on the vRealize Appliance
- Configure Appliance Database on the Secondary vRealize Appliance
- Configure Appliance Database Replication on the Secondary Appliance
- Join a vRealize Appliance to a Cluster
- Disable Unused Services
- Validate the Distributed Deployment
- Test Appliance Database Failover
- Test Appliance Database Failback
- Validate Appliance Database Replication
- Install the IaaS Components in a Distributed Configuration
- Install IaaS Certificates
- Download the IaaS Installer
- Choosing an IaaS Database Scenario
- Install the Primary IaaS Website Component with Model Manager Data
- Install Additional IaaS Website Components
- Install the Primary Manager Service
- Install an Additional Manager Service Component
- Installing Distributed Execution Managers
- Configuring Windows Service to Access the IaaS Database
- Verify IaaS Services
- Installing Agents
- Set the PowerShell Execution Policy to RemoteSigned
- Choosing the Agent Installation Scenario
- Agent Installation Location and Requirements
- Installing and Configuring the Proxy Agent for vSphere
- Installing the Proxy Agent for Hyper-V or XenServer
- Installing the VDI Agent for XenDesktop
- Installing the EPI Agent for Citrix
- Installing the EPI Agent for Visual Basic Scripting
- Installing the WMI Agent for Remote WMI Requests
- Configuring Initial Access
- Configuring Additional Tenants
- Updating vRealize Automation Certificates
- Extracting Certificates and Private Keys
- Updating the Identity Appliance Certificate
- Updating the vRealize Appliance Certificate
- Updating the IaaS Certificate
- Replace the Identity Appliance Management Site Certificate
- Updating the vRealize Appliance Management Site Certificate
- Replace a Management Agent Certificate
- Troubleshooting
- Default Log Locations
- Rolling Back a Failed Installation
- Create a Support Bundle for vRealize Automation
- Installers Fail to Download
- Failed to Install Model Manager Data and Web Components
- Save Settings Warning Appears During IaaS Installation
- WAPI and Distributed Execution Managers Fail to Install
- IaaS Authentication Fails During IaaS Web and Model Management Installation
- Installation or Upgrade Fails with a Load Balancer Timeout Error
- Uninstalling a Proxy Agent Fails
- Validating Server Certificates for IaaS
- Server Times Are Not Synchronized
- RabbitMQ Configuration Fails in a High-Availability Environment
- Encryption.key File has Incorrect Permissions
- Log in to the vRealize Automation Console Fails
- Error Communicating to the Remote Server
- Blank Pages May Appear When Using Internet Explorer 9 or 10 on Windows 7
- Cannot Establish Trust Relationship for the SSL/TLS Secure Channel
- Cannot Log in to a Tenant or Tenant Identity Stores Disappear
- Adding an Endpoint Causes an Internal Error
- Error in Manager Service Communication
- Machine Requests Fail When Remote Transactions Are Disabled
- Credentials Error When Running the IaaS Installer
- Attempts to Log In as the IaaS Administrator with Incorrect UPN Format Credentials Fails with No Explanation
- Email Customization Behavior Has Changed
- Changes Made to /etc/hosts Files Might Be Overwritten
- Network Settings Were Not Successfully Applied
The following requirements apply to the service user for IaaS services:
n
The user must be a domain user.
n
The user must have local Administrator privileges on all hosts on which the Manager Service or Web
site component is installed. Do not do a workgroup installation.
n
The user is configured with Log on as a service privileges. This privilege ensures that the Manager
Service starts and generates log files.
n
The user must have dbo privileges for the IaaS database. If you use the installer to create the
database, ensure that the service user login is added to SQL Server prior to running the installer. The
installer grants the service user dbo privileges after creating the database.
n
The account under which the installer is running should have the sysadmin role enabled under
MSSQL.
n
The Management Agent is installed with LocalSystem (NT AUTHORITY\SYSTEM) built-in Windows
Account. For more information about Local System accounts, see the Microsoft article
http://msdn.microsoft.com/en-us/library/windows/desktop/ms684190%28v=vs.85%29.aspx.
n
The domain user account that you plan to use as the IIS application pool identity for the Model
Manager Web Service is configured with Log on as batch job privileges.
Model Manager Server Specifications
Always specify the Model Manager server name by using a fully qualified domain name (FQDN). Do not
use an IP address to specify the server.
Security
vRealize Automation uses SSL to ensure secure communication among components. Passphrases are
used for secure database storage.
For more information see Certificate Trust Requirements in a Distributed Deployment and Chapter 9
Updating vRealize Automation Certificates.
Certificates
vRealize Automation uses SSL certificates for secure communication among IaaS components, the
Identity Appliance, and instances of the vRealize Appliance.
The appliances and the Windows installation machines exchange these certificates to establish a trusted
connection. You can obtain certificates from an internal or external certificate authority, or generate self-
signed certificates during the deployment process for each component.
If you want to use certificates generated by a certificate authority that is not located on the addressable
network, you must modify the web.config file for your web apps to ignore certificate revocation errors.
Otherwise, HTTP requests fail with an invalid certificate error.
For important information about troubleshooting, supportability, and trust requirements for certificates, see
the VMware knowledge base article at http://kb.vmware.com/kb/2106583.
Installation and Configuration
VMware, Inc. 31