6.2
Table Of Contents
- Foundations and Concepts
- Contents
- Foundations and Concepts
- Introducing vRealize Automation
- Tenancy and User Roles
- Service Catalog
- Infrastructure as a Service
- Advanced Service Designer
- Common Components
- Extensibility
- vRealize Automation Extensibility Options
- Leveraging Existing and Future Infrastructure
- Configuring Business-Relevant Services
- Integrating with Third-Party Management Systems
- Adding New IT Services and Creating New Actions
- Calling vRealize Automation Services from External Applications
- Distributed Execution
Table 2‑1. Tenant Configuration (Continued)
Configuration Area Description
Service catalog offerings Service architects can create and publish catalog items to the service catalog and
assign them to service categories. Services and catalog items are always specific to a
tenant.
Infrastructure resources The underlying infrastructure fabric resources, for example, vCenter servers, Amazon
AWS accounts, or Cisco UCS pools, are shared among all tenants. For each
infrastructure source that vRealize Automation manages, a portion of its compute
resources can be reserved for users in a specific tenant to use.
About the Default Tenant
When the system administrator configures single sign-on during the installation of vRealize Automation, a
default tenant is created with the built-in system administrator account to log in to the
vRealize Automation console. The system administrator can then configure the default tenant and create
additional tenants.
The default tenant supports all of the functions described in Tenant Configuration. In the default tenant,
the system administrator can also manage system-wide configuration, including global system defaults for
branding and notifications, and monitor system logs.
The default tenant is the only tenant that supports native Active Directory authentication. All other tenants
must use Active Directory over OpenLDAP.
User and Group Management
All user authentication is handled through single sign-on. Each tenant has one or more identity stores,
such as Active Directory servers, that provide authentication.
The system administrator performs the initial configuration of single sign-on and basic tenant setup,
including designating at least one identity store and a tenant administrator for each tenant. Thereafter, a
tenant administrator can configure additional identity stores and assign roles to users or groups from the
identity stores.
Tenant administrators can also create custom groups within their own tenant and add users and groups
defined in the identity store to custom groups. Custom groups, like identity store groups and users, can
be assigned roles or designated as the approvers in an approval policy.
Tenant administrators can also create business groups within their tenant. A business group is a set of
users, often corresponding to a line of business, department or other organizational unit, that can be
associated with a set of catalog services and infrastructure resources. Users, identity store groups, and
custom groups can be added to business groups.
Comparison of Single-Tenant and Multitenant Deployments
vRealize Automation supports deployments with either a single tenant or multiple tenants. The
configuration can vary depending on how many tenants are in your deployment.
Foundations and Concepts
VMware, Inc. 11