7.3
Table Of Contents
- Installing vRealize Automation
- Contents
- vRealize Automation Installation
- Updated Information
- Installation Overview
- Preparing for Installation
- Deploying the vRealize Automation Appliance
- Installing with the Installation Wizard
- The Standard Installation Interfaces
- Using the Standard Interfaces for Minimal Deployments
- Using the Standard Interfaces for Distributed Deployments
- Distributed Deployment Checklist
- Disabling Load Balancer Health Checks
- Certificate Trust Requirements in a Distributed Deployment
- Configure Web Component, Manager Service and DEM Host Certificate Trust
- Installation Worksheets
- Configuring Your Load Balancer
- Configuring Appliances for vRealize Automation
- Install the IaaS Components in a Distributed Configuration
- Install IaaS Certificates
- Download the IaaS Installer
- Choosing an IaaS Database Scenario
- Install an IaaS Website Component and Model Manager Data
- Install Additional IaaS Web Server Components
- Install the Active Manager Service
- Install a Backup Manager Service Component
- Installing Distributed Execution Managers
- Configuring Windows Service to Access the IaaS Database
- Verify IaaS Services
- Installing Agents
- Set the PowerShell Execution Policy to RemoteSigned
- Choosing the Agent Installation Scenario
- Agent Installation Location and Requirements
- Installing and Configuring the Proxy Agent for vSphere
- Installing the Proxy Agent for Hyper-V or XenServer
- Installing the VDI Agent for XenDesktop
- Installing the EPI Agent for Citrix
- Installing the EPI Agent for Visual Basic Scripting
- Installing the WMI Agent for Remote WMI Requests
- Silent Installation
- Post-Installation Tasks
- Configure FIPS Compliant Encryption
- Enable Automatic Manager Service Failover
- Automatic PostgreSQL Database Failover
- Replacing Self-Signed Certificates with Certificates Provided by an Authority
- Changing Host Names and IP Addresses
- Removing a vRealize Automation Appliance from a Cluster
- Licensing vRealize Code Stream
- Installing the vRealize Log Insight Agent
- Change an Appliance FQDN Back to the Original FQDN
- Configure SQL AlwaysOn Availability Group
- Configure Access to the Default Tenant
- Troubleshooting an Installation
- Default Log Locations
- Rolling Back a Failed Installation
- Create a Support Bundle
- General Installation Troubleshooting
- Installation or Upgrade Fails with a Load Balancer Timeout Error
- Server Times Are Not Synchronized
- Blank Pages May Appear When Using Internet Explorer 9 or 10 on Windows 7
- Cannot Establish Trust Relationship for the SSL/TLS Secure Channel
- Connect to the Network Through a Proxy Server
- Console Steps for Initial Content Configuration
- Cannot Downgrade vRealize Automation Licenses
- Troubleshooting the vRealize Automation Appliance
- Installers Fail to Download
- Encryption.key File has Incorrect Permissions
- Directories Management Identity Manager Fails to Start After Horizon-Workspace Restart
- Incorrect Appliance Role Assignments After Failover
- Failures After Promotion of Replica and Master Nodes
- Incorrect Component Service Registrations
- Additional NIC Causes Management Interface Errors
- Cannot Promote a Secondary Virtual Appliance to Master
- Active Directory Sync Log Retention Time Is Too Short
- RabbitMQ Cannot Resolve Host Names
- Troubleshooting IaaS Components
- Prerequisite Fixer Cannot Install .NET Features
- Validating Server Certificates for IaaS
- Credentials Error When Running the IaaS Installer
- Save Settings Warning Appears During IaaS Installation
- Website Server and Distributed Execution Managers Fail to Install
- IaaS Authentication Fails During IaaS Web and Model Management Installation
- Failed to Install Model Manager Data and Web Components
- IaaS Windows Servers Do Not Support FIPS
- Adding an XaaS Endpoint Causes an Internal Error
- Uninstalling a Proxy Agent Fails
- Machine Requests Fail When Remote Transactions Are Disabled
- Error in Manager Service Communication
- Email Customization Behavior Has Changed
- Troubleshooting Log-In Errors
In a distributed, or clustered, deployment, vRealize Automation certificate organization largely conforms
to the three tiered architectural structure of vRealize Automation. The three tiers are vRealize Automation
appliance, IaaS Website components, and Manager Service components. In a distributed system, each
hardware machine in a particular tier shares a certificate. That is, each vRealize Automation appliance
shares a common certificate, and each Manager Service machine shares the common certificate that
applies to that layer.
You can use system or user generated self-signed certificates, or CA supplied certificates with distributed
vRealize Automation deployments. Starting in vRealize Automation 7.0 and newer, if no certificates are
supplied by the user, the installer automatically generates self-signed certificates for all applicable nodes
and places them in the appropriate trust stores.
You can use load balancers with distributed vRealize Automation components to provide high availability
and failover support. VMware recommends that vRealize Automation deployments use a pass-through
configuration for deployments that use load balancers. In a pass-through configuration, load balancers
pass requests along to the appropriate components rather than decrypting them. The vRealize
Automation appliance and IaaS web servers must then perform the necessary decryption.
For more information about using and configuring load balancers, see vRealize Automation Load
Balancing.
If you supply or generate your own certificates using Openssl or another tool, you can use either wildcard
or Subject Alternative Name (SAN) certificates. Note that the IaaS certificates must be multi-use
certificates.
If you are supplying certificates, you must obtain a multiple-use certificate that includes the IaaS
component in the cluster, and then copy that certificate to the trust store for each component. If you use
load balancers, you must include the load balancer FQDN in the trusted address of the cluster multiple-
use certificate.
f you are need to update system generated self-signed certificates with user or CA supplied certificates,
see Managing vRealize Automation.
The Certificate Trust Requirements table summarizes the trust registration requirements for various
imported certificates.
Table 5‑3. Certificate Trust Requirements
Import Register
vRealize Automation appliance cluster IaaS Web components cluster
IaaS Web component cluster
n
vRealize Automation appliance cluster
n
Manager Service components cluster
n
DEM Orchestrators and DEM Worker components
Manager Service component cluster
n
DEM Orchestrators and DEM Worker components
n
Agents and Proxy Agents
Installing vRealize Automation
VMware, Inc. 59